The U.S. Federal Bureau of Investigation (FBI) issued an industry-wide warning about possible attacks on exchanges and crypto holders this week. The institution declared that there are threats actively tracking virtual asset platforms in order to take hold of these assets, causing financial losses in the process. Sim swapping, account theft and tech support staff are the means to accomplish these attacks.
FBI Anticipates Cryptocurrency Attacks
The FBI issued a warning against upcoming attacks on cryptocurrency exchanges and holders last week. The warning was distributed using the TLP protocol, designed to distribute the desired information with certain groups. It received the Green designation, meaning the FBI allows peers and partner organizations in the crypto community to share this information.
The FBI states there are groups actively tracking vulnerabilities in these companies to take action. It explains these groups are using a group of techniques to achieve these means. These techniques include sim swapping, tech support fraud, and account stealing. The warning also details some recommendations for institutions to maintain their holdings safe: keeping watch on incoming mails and monitor accounts for unusual movements.
The FBI advises cryptocurrency holders to always use two-factor authentication and be aware of the information they share on social media. However, it is very difficult to prevent sim swap attacks.
Sim swap attacks are difficult to tackle because they are relatively easy to complete. The attacker just needs to get hold of the telephone number of the potential victim. Then these attackers proceed in two different forms: the first one involves identity theft, with the attackers fooling tech reps into believing the affected person lost or damaged the sim card. This prompts them to issue a new sim card to the attacker.
The other vector involves insider contacts in a telephone carrier. The attacker leverages this contact to obtain a new sim with the number of the potential victim. This allows them to gain access from exchanges even if there is some kind of multi-factor authentication defense in place. The FBI has warned about these dangers before.
Some high-profile sim swapping cases have been in the public eye: Michael Terpin, a blockchain investor, sued AT&T for $200 million in damages for negligence after suffering a sin swap attack back in 2020. A judge ultimately dismissed the lawsuit, but it put sim swapping and cryptocurrencies in the public eye. Furthermore, Europol thwarted a sim swapping operation that had stolen more than $100 in cryptocurrencies last February.