About Recommendations For exchangers Invest Services NEW
Back to blog

SIM Swap Attacks: How Crypto Gets Stolen Through Your Phone Number

The most vulnerable part of crypto security is often not the wallet, but a regular phone number. A scammer sometimes only needs a few minutes to reissue a number to their own SIM or eSIM and intercept SMS codes for password resets, exchange logins, and fund withdrawals. Regulators and industry reports have long been saying the same thing: SMS is not considered a reliable security method, and social engineering remains one of the most effective attack tools. The conclusion is simple: if an attacker intercepts your number, access to your accounts and coins can be lost in a matter of minutes.

In this article:

  1. What is a SIM swap and why does it work?
  2. How criminals steal cryptocurrency via phone numbers
  3. Why cryptocurrency is attractive for attacks
  4. The main mistakes victims make
  5. How to protect yourself from a SIM swap

What is a SIM swap and why does it work?

A SIM swap is the transfer of a phone number to an attacker's SIM/eSIM via a mobile carrier. The attacker then receives the victim's calls and SMS (including one-time codes), resets access to email and exchanges, and steals money and tokens.

How it's done:

  • Attackers first gather data about a person from leaks and public profiles.
  • Then, through social engineering and vulnerabilities in carrier procedures, they gain control over the number—resulting in them having access to SMS and calls.
  • After that, the scammers receive codes and gain access to email and exchanges, reset passwords, and withdraw funds.

We are not teaching how to do this, but warning you: this chain of attacks turns a phone into a weak link in security.

Why it still works:

  • Weak identity verification. When replacing a SIM or porting a number, the client's identity is confirmed using "personal" data—maiden name, recent payment amounts, date of birth. After data leaks, such information is easy to forge or buy. Regulators are introducing new security rules, but in general, the industry is only gradually bringing protection up to the level of modern threats.
  • SMS is a vulnerable second factor. The National Institute of Standards and Technology (NIST) has warned for years: SMS codes are insecure because they travel over a separate communication channel that is easy to intercept. In practice, however, SMS is most often used for account recovery.
  • Social engineering is on the rise. According to the DBIR report—one of the world's leading studies on cyberattacks—techniques such as pretexting (pretending to be a bank employee or a client) and phishing remain among the top causes of successful attacks.
  • eSIM speeds up the process. The swap can be done entirely remotely, without a physical card; this is noted by both industry reviews and the media.

How criminals steal cryptocurrency via phone numbers

A SIM swap itself is only the first step. The main event begins after the number has migrated to someone else's SIM or eSIM. Here is what the scheme looks like in reality:

  1. Loss of network for the victim. The phone suddenly stops receiving a signal. At this moment, the attacker is already holding the active number.
  2. Interception of SMS and calls. All confirmation codes, messages from exchanges, banks, and email go to them. For many services, this is enough to reset a password.
  3. Resetting access to email and exchanges. The first target is email: it opens the doors to crypto exchanges and wallets. According to Chainalysis statistics, in 2023, SIM swapping was used in a number of major hacks as the "entry point" to user accounts.
  4. Logging into accounts and withdrawing funds. The attacker has the login code—and no blockchain will stop them: transactions cannot be canceled, and the exchange's support service is powerless in such cases. Lost funds are not returned.
  5. Accelerated withdrawal via various services. The movement of funds is dispersed across dozens of addresses, making them impossible to recover.

There are also high-profile real-world cases. In 2023, Blockchain Capital co-founder Bart Stephens reported that he lost about $6.3 million in cryptocurrency after a SIM swap attack. The attacker intercepted his number and gained access to accounts linked to the phone.

The main takeaway: as soon as a number is under an attacker's control, cryptocurrency disappears very quickly. SMS-2FA, which many consider sufficient protection, becomes a direct "key to the apartment" in such a situation.

Why cryptocurrency is attractive for attacks

✓ Instant and irreversible transfers.
Unlike bank transactions, which can be frozen or disputed, cryptocurrency transactions on the blockchain are final. For a scammer, this is the ideal scenario: once funds are sent, it is impossible to get them back.

✓ High concentration of assets.
Crypto traders and investors often keep tens of thousands of dollars on centralized exchanges. For an attacker, this is a jackpot at a single entry point.

✓ Vulnerability of SMS authentication.
Although almost all major exchanges offer more secure protection methods (authenticator apps or hardware keys), many continue to rely on SMS. For an attacker, this is the perfect option: once the number is intercepted, access to the account is open.

✓ Anonymity and speed of cashing out.
After the theft, the coins are instantly moved through P2P platforms, mixers, or decentralized exchanges. In the case of a bank, withdrawing money is much more difficult: suspicious transfers are tracked automatically and are often blocked before they are even credited.

✓ Lack of legal precedent in Russia.
In the Russian Federation, cryptocurrency is not recognized as a legal means of payment, so investigating such thefts is not easy: you can file a report, but proving the damage and taking the case to court is extremely difficult.

The main mistakes victims make

Most SIM swap attacks succeed not because of the genius of hackers, but because of the banal miscalculations of the users themselves. Criminals know: the simpler the protection, the easier it is to bypass. One call to a call center is enough to gain access to someone else's funds. Below are the most common mistakes that attackers exploit.

  • Trust in SMS codes. Exchanges and banks have long supported more secure protection methods—authenticator apps and hardware keys. But in practice, most users continue to rely on SMS.
  • One number for everything. Email, social networks, exchanges, banks—everything is tied to one phone. It is enough to steal it, and the attacker gets full access to your entire digital life. Many do not think that it is better to have a separate number (or eSIM) just for the exchange, without public links.
  • Using the same email for exchanges and everyday services. When the address linked to an exchange is the same as the email used for food delivery and discount subscriptions, the risk of leaks increases sharply. It is often from email that the hack begins: password resets, recovery, new codes.
  • Storing funds on an exchange. Hundreds of millions of dollars are lost every year from centralized platforms. The main mistake: keeping assets there as a "long-term safe."

How to protect yourself from a SIM swap

A SIM swap cannot be completely eliminated: the vulnerability is built into the way carriers operate. But the risk can be minimized. And the measures are quite simple. It is not a question of technology, but of discipline.

  1. It is better to remove SMS from your second factor of protection. For exchanges and wallets, it is safer to use an authenticator app or a hardware key.
  2. Number porting should be restricted as much as the carrier allows. A ban on remote reissuance and any settings where changes are only available after in-person document verification will work. This is not absolute protection, but it will be a serious barrier for 90% of attackers.
  3. It is advisable to keep a separate number for exchanges and crypto services. The most secure option is an eSIM that is not used anywhere else, does not appear on messengers, and is not linked to orders, deliveries, or everyday services.
  4. It is also better to separate email and accounts. For cryptocurrency operations, it is safer to use a separate email account with its own protection via an authenticator app or a hardware key.
  5. It is useful to enable notifications for logins from new devices in advance and think through a backup communication channel. In the event of an attack, this gives you a chance to quickly notice an unauthorized login, restore access, and stop the withdrawal of funds before it is too late.
  6. Data leaks should be checked regularly. If a phone number or email has already ended up in third-party databases, the risk of targeted attacks becomes higher. The sooner this is discovered, the more time you have to replace weak links and strengthen your protection.
  7. There must be a response plan. Lost network? The first thing to do is call the carrier from an alternative number and block the SIM. In parallel, you need to reset access to the exchange via a backup email and freeze the account. There will be little time—it will be a matter of minutes.

A SIM swap is not an exotic hacking technique, but a mass-market scheme that hits the most vulnerable users. While mobile carriers are improving their security, the responsibility remains with us. A couple of simple steps can decide whether your deposit remains safe or falls into the wrong hands.

⚠️ This material is for informational purposes only. All recommendations are aimed at increasing user security.

Back to blog
Telegram