Federal prosecutors in the US Attorney’s Office for the Eastern District of Michigan recently charged a group of hackers for stealing more than $2.4 million worth of cryptocurrencies by SIM swap attacks.
Three mobile phone company employees were also charged for receiving bribes and assisting the said hackers to steal the identities of subscribers.
The US prosecutors accused the gang, “The Community” of controlling their victims’ mobile phone numbers and intercepting phone calls and text messages.
According to the allegations, the hackers bribed mobile phone company employees to assist them with their malicious intent.
In addition, the hackers used social engineering, a process by which they contact a mobile phone provider’s customer service pretending as victims of phone hacking. Once they have convinced the customer service representatives, the hackers then asked the CSR to swap phone numbers connected to the SIM cards of the victims to their own SIM cards.
Once the hackers gained control of the victims’ phone numbers, they can easily hack their way through various information of the victims including their cryptocurrency accounts.
According to the indictment charges, the hackers have already amassed $2,416, 352 worth of cryptocurrencies after hijacking the cryptocurrency wallets and crypto exchange accounts of the victims.
If convicted, each of the named hackers will be guilty of wire fraud and face a maximum penalty of 20 years imprisonment.
What is not clear though is whether the cryptocurrencies stolen will be returned to the respective victims. Cryptocurrency theft through SIM swapping has been rampant in the past few years. And in these incidents, the victims rarely have their digital money returned.
So, for those who have not experienced this kind of crime yet, it would be wise to take a few precautions to prevent SIM swapping and hijacking.
These tips include watching out for phishing emails and fake websites, avoiding answering account security questions, using on-access anti-virus and making sure that it is updated, be suspicious of network failure alerts on mobile phones, and switching from SMS-based 2FA codes to codes generated through an authenticator app.