A cryptocurrency hacker has depleted the account of a Chinese whale of approximately $45 million in a SIM-swap attack.
A SIM swap attack is an act of porting a victim’s mobile number to another SIM card in possession of the attacker without the victim being aware. Subsequently, the adversary is able to access the target’s personal accounts such as emails and logins for crypto exchanges.
In this instance, the hacker accessed the investor’s account and successfully stole Bitcoin (BTC) and Bitcoin Cash (BC) worth $30 million and $15 million.
Approximately 1,547 BTC ($15 million) and 60,000 BCH ($30 million) were stolen from the account of a Reddit user that is known by the name of Zhoujianfu.
As soon as Zhoujianfu realized the lost funds from his account, he published a post on the “BTC” subreddit and sought help from BCH miners in invalidating the transaction at three confirmations:
It’s only had 3 confirmations if any miners/ the community can help somehow, I’ve got the private keys. Help help help… big reward obviously.
Nonetheless, as of press time, the transactions were found to have 73 confirmations:
In a subsequent post, he notes losing $15 million in Bitcoin to the hacker:
Also for what it’s worth, they got $15M in BTC too.. https://explorer.bitcoin.com/btc/address/1Edu4yBtfAKwGGsQSa45euTSAG6A2Zbone
To make the tracing of the crypto funds increasingly difficult, the hacker reportedly sent the funds from the affected addresses to others and subsequently split up the digital assets.
After the security incident, Dovey Wan, Founding Partner at Primitive Crypto, further conjectured that these coins could perhaps be sent through a mixing service.
Numerous Bitcoin owners have been targets of SIM swap attacks in the past.
Recently, Gregg Bennett, an angel investor, had filed a lawsuit against Cryptocurrency exchange Bittrex, alleging that Bittrex violated or ignored its own security measures and industry standards that permitted hackers to steal 100 Bitcoin (Worth approximately $1 million at the time of the attack) from Bennet’s account in April 2019.
Bennet was also a victim of a SIM card hack, who then tried to alert Bittrex. Nevertheless, Bittrex failed to pay attention to his warning for nearly two hours, enabling the hackers to deplete his account.
SIM swapping is not a new type of account takeover fraud. Nonetheless, more than $50 million (USD) has been reported stolen from over 800 individuals since 2018, though a fresh wave of organized attacks targets American cryptocurrency owners, particularly those utilizing “hot”, or online cryptocurrency wallets.