SIM Swap & Account Takeover Attacks
Lesson by Uvin Vindula
SIM swap attacks are one of the most devastating threats to Bitcoin holders who rely on phone-based security. In a SIM swap, an attacker convinces your mobile carrier to transfer your phone number to a SIM card they control — giving them access to your SMS messages, including two-factor authentication codes.
How SIM Swap Attacks Work
The attack follows a predictable pattern:
- Research: The attacker gathers your personal information — name, phone number, address, last four digits of your ID — from social media, data breaches, or social engineering.
- Contact the carrier: They call your mobile provider (Dialog, Mobitel, or Airtel in Sri Lanka), pretending to be you, claiming they lost their phone or need a new SIM.
- Transfer the number: Using the gathered personal details to pass security questions, they convince the carrier to activate a new SIM with your number.
- Intercept codes: Your phone loses signal. Meanwhile, the attacker receives all your SMS messages — including 2FA codes from exchanges, email password resets, and banking OTPs.
- Drain accounts: Within minutes, they reset passwords, bypass 2FA, and drain your exchange accounts or email-linked wallets.
Why Crypto Holders Are Prime Targets
SIM swap attacks disproportionately target crypto holders because:
- Irreversible transactions: Unlike bank transfers, Bitcoin transactions cannot be reversed. Once stolen, the funds are gone.
- Public wealth signals: People who discuss their Bitcoin holdings on social media make themselves targets.
- SMS 2FA reliance: Many exchanges default to SMS-based two-factor authentication, which SIM swaps completely bypass.
- High value, low effort: A single successful SIM swap can yield thousands or millions of dollars in crypto.
Account Takeover Beyond SIM Swaps
SIM swaps are just one form of account takeover. Other methods include:
- Credential stuffing: Using leaked username/password pairs from data breaches to log into exchange accounts. If you reuse passwords, this attack will work against you.
- Session hijacking: Stealing active browser sessions through malware or public Wi-Fi interception.
- Email compromise: Taking over your email account first (often via SIM swap), then using "forgot password" flows to access everything else.
- OAuth token theft: Stealing authorization tokens from compromised apps that have access to your accounts.
Protection Measures
Defending against SIM swaps and account takeovers requires layered security:
- Never use SMS for 2FA on any crypto-related account. Use authenticator apps (Google Authenticator, Authy) or hardware keys (YubiKey) instead.
- Set a carrier PIN/password: Contact Dialog, Mobitel, or your carrier and set a PIN that must be provided before any SIM changes. In Sri Lanka, visit a carrier store in person to add this protection.
- Use unique passwords everywhere: A password manager (Bitwarden, 1Password) generates and stores unique passwords for every account.
- Use a dedicated email for crypto: Create a separate email address (ProtonMail recommended) used only for exchange accounts — never share it publicly.
- Enable withdrawal address whitelisting: Most major exchanges allow you to lock withdrawals to pre-approved addresses, with a 24-48 hour delay for new addresses.
For Sri Lankan users, the carrier PIN is especially important. Sri Lankan telecom providers have historically had weaker identity verification for SIM replacements compared to Western carriers. A personal visit to your Dialog or Mobitel store to set up additional security measures is a small investment of time that can prevent catastrophic loss.
Key Takeaways
- SIM swap attacks transfer your phone number to an attacker's SIM, bypassing SMS-based 2FA
- Crypto holders are prime targets due to irreversible transactions and public wealth signals
- Never use SMS for two-factor authentication on exchange or email accounts
- Set a carrier PIN with your mobile provider to prevent unauthorized SIM changes
- Use a dedicated email address, unique passwords, and withdrawal address whitelisting
Quick Quiz
What is the first sign that you may be a victim of a SIM swap?