In his post, Coonce details SIM swapping, a practice in which an attacker maliciously requests that a telecommunications carrier redirect the traffic of a mobile phone number to a device the attacker controls. That device is then used to obtain two-factor authentication (2FA) codes, which grant control over the victim’s online account.
After describing in detail how the attack had been carried out, Coonce gave his recommendations for preventing such attacks, including using a hardware wallet to secure personal cryptocurrency holdings and using a YubiKey for 2FA. In cases in which a YubiKey is not supported, he recommends using Google Voice 2FA, since he claims those numbers are not vulnerable to SIM swapping.
Lastly, Coonce also suggests using a password manager and reducing one’s online footprint by publicly sharing less personal information. He stated that he “can’t stop thinking about the small, easy things I could have done to protect myself along the way,” and added:
“Given my naive security practices, I probably deserved to get hacked.”
As Cointelegraph reported earlier this month, United States blockchain and crypto investor Michael Terpin has won $75.8 million in a civil case against 21-year-old Nicholas Truglia, who reportedly defrauded him of crypto assets through SIM swapping.
Also in May, the U.S. Department of Justice released a fifteen-count indictment charging a hacking group labeled “The Community” with SIM swapping in order to steal cryptocurrencies.