Cryptocurrency investor Michael Terpin is probably used to seeing big swings in the value of his holdings, as what can happen when investing in Bitcoin and other cryptocurrencies. But The Wall Street Journal recently reported that he lost a staggering sum due to not market fluctuations, but a new kind of cyberattack known as SIM swapping.
Terpin fell victim to a SIM swap that cost him about 1,500 bitcoins, which at the time were valued at roughly $24 million. That was back in January of 2018, shortly after Bitcoin hit a record price peak. How did it happen? The SIM swap hack works by first gaining control of the victim's phone number (the "SIM swap"), then using it to hack into their email and other online accounts. In Terpin's case, the thieves accessed his online crypto wallet, stealing the bitcoins inside and exchanging them for cash. And because this wasn't the first time Terpin had been hacked in such a way, he says his security measures were fairly elaborate, still failing to protect him from these increasingly savvy thieves:
"On a scale of 1 to 10, I'd say my security protections were a 9.8 or higher. But these hackers, all they do is sit around in a basement and figure out ways of hacking people."
Terpin also says he still doesn't know exactly how the hack worked in the first place, but that he suspects that a rogue employee – or employees – at an authorized cell phone store were the ones who gave control of his phone number over to the hackers.
SIM swaps work by targeting specific victims and involve a lot of precision and exactitude, so you're not likely to be hit by one randomly. But experts say that using two-factor authentication in your online accounts is one way to stymie these sorts of hacks.