Protecting Yourself from SIM Swapping – Crypto Security
Let me start by saying there are dozens of precautions most people know about when it comes to crypto, from wallet choices to not talking about your holdings publicly. But there is one that I rarely see mentioned, so I wanted to shed light on it. It is a little different, but very devastating, and it is especially unknown to new crypto holders.
And that is how to protect yourself from SIM swapping.
TL;DR: You can skip to the last section, which explains how to protect yourself.
What is SIM Swapping?
SIM swapping occurs when someone contacts your wireless carrier and, using your personal data, is able to convince the call center employee that they are, in fact, you. And you would be absolutely shocked at how easy it is to do over the phone.
They do this by using data that’s often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employee into switching the SIM card linked to your phone number and replacing it with a SIM card in their possession. This gives them complete control over incoming text messages and anything else related to your phone number.
Why should I care?
Well, apart from the annoyance of having to go through endless customer support to get your phone number back, the main reason it is worrisome is that many, many services use SMS 2-factor authentication. For example, if your Gmail uses SMS 2FA, the attacker could take control of your e-mail. I don’t need to explain how devastating that is. If they get your e-mail, they get access to various password recoveries. People could steal your gaming accounts, get into your bank apps, etc.
Why is this relevant to Cryptocurrency?
By now you’re wondering why I am posting this in a crypto guide. Well… cryptocurrency holders are notoriously targeted by SIM swapping and are among the most popular target groups for these types of attacks. SIM swappers specifically look at the hacked and released lists of contact information taken from well-known crypto hacks. For example, if your contact information was leaked in the Ledger hack, then you could be a target.
It could even come from a hack unrelated to crypto, if your leaked information includes a very specific username that you also use on a crypto forum or subreddit.
Many, many users use phone 2FA on exchanges like Binance. If they SIM swap you, they could very easily withdraw funds from your wallet into their own. Crypto is a perfect target because it can be hard to track compared to bank hacks.
How can I protect myself?
Here’s the big question. Well, it turns out it isn’t that difficult. There are 2 main ways to protect yourself:
- NEVER use your phone as the sole source of 2FA. Yes, it’s convenient, I know. But always use your e-mail or, better yet, a secured authenticator. This goes for exchanges, but more importantly for your main e-mail, the one that is used for forgotten passwords.
- This one is often overlooked and it only takes a few minutes (not including wait times). Call up your phone provider and ask for Port Protection. I can only speak for North America, but most providers offer this. Some enable it by default, but most require a call. It creates an extra layer of security if somebody calls to have your number swapped to another SIM. This is handled differently by different providers, but a popular method is that a text is sent to your current phone asking you to confirm BEFORE they transfer the number over. I took this precaution and it took me less than 10 minutes, including wait times.
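
As an added example (not from the original post), the sketch below walks a constructed account inventory and lists which accounts fall if your phone number is taken over, following the chain described under "Why should I care?": SMS 2FA on an e-mail account, then password resets sent to that e-mail. The account names, the inventory format and the exposure rules are assumptions made for illustration; real services differ in how recovery works.

```python
# Added example: audit a personal account inventory for SIM-swap exposure.
# The inventory is constructed sample data, not real accounts.

ACCOUNTS = {
    # name: (second factors in use, account that receives its password resets)
    "exchange":     ({"email"}, "old-email"),
    "old-email":    (set(), "main-email"),
    "main-email":   ({"sms"}, None),
    "gaming":       ({"email"}, "main-email"),
    "backup-email": ({"authenticator"}, None),
    "bank":         ({"authenticator"}, "main-email"),
    "forum":        ({"email"}, "backup-email"),
}


def sim_swap_exposure(accounts):
    """Return {account: reason} for accounts lost if the phone number is hijacked.

    Assumed model (a simplification):
      * SMS as the sole second factor -> exposed directly.
      * No authenticator -> exposed if the account receiving its
        password resets is itself exposed.
      * An authenticator among the factors -> treated as not exposed.
    """
    exposed = {}
    for name, (factors, _) in accounts.items():
        if factors == {"sms"}:
            exposed[name] = "SMS is the sole second factor"

    changed = True
    while changed:  # follow reset links until no new account falls
        changed = False
        for name, (factors, recovery) in accounts.items():
            if name in exposed or "authenticator" in factors:
                continue
            if recovery in exposed:
                exposed[name] = f"password resets go to exposed account '{recovery}'"
                changed = True
    return exposed


if __name__ == "__main__":
    for account, reason in sim_swap_exposure(ACCOUNTS).items():
        print(f"{account}: {reason}")
```

In this sample, moving only the main e-mail account from SMS to an authenticator clears every finding, which is why the main e-mail is the first account to fix.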