Wave of SIM swapping attacks hit US cryptocurrency users
A massive SIM swapping campaign has hit numerous members of the US cryptocurrency community over the past week. The aim of a SIM swapping attack is for the threat actor to get the phone number of a victim assigned to a SIM card they control. The criminal can subsequently use this phone number to obtain access to email and other user accounts of the victim that are linked to the phone number, which is exactly what happened in this recent campaign. Various victims had cryptocurrency stolen because the attackers were able to take over user accounts for cryptocurrency exchanges.
SIM swapping attacks usually occur in one of three ways: The threat actor bribes or blackmails a mobile store staff member; the threat actor is a (former) mobile store employee with the access needed to carry out the swap; or the attacker is a (former) mobile store employee who manipulates colleagues into performing the swap. It is not clear which method the attackers followed in this case. However, the perpetrators of SIM swapping attacks are usually caught in the end, because telecom providers collect plenty of information on users that can be used to track down attackers.