This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: Hackers Circle as Individual Investors Pour Cash Into Crypto
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > Hackers Circle as Individual Investors Pour Cash Into Crypto
Tech

Hackers Circle as Individual Investors Pour Cash Into Crypto

Editorial Board Published November 21, 2021
Share
Hackers Circle as Individual Investors Pour Cash Into Crypto
SHARE

Rosa Maguina plowed a big chunk of her savings into cryptocurrency early this year, joining other individual investors trying to strike while bitcoin was hot. The funds vanished after a hacker hijacked her phone number for just two hours.

Contents
Newsletter Sign-upWSJ Pro CybersecurityAhmed Khattak, chief executive and founder of US Mobile.

Ms. Maguina, who runs an events logistics business with her husband in Doral, Fla., said she was about to go to sleep on July 5 when she noticed her phone lost its signal. By the time Ms. Maguina’s service was restored, she said, an unauthorized user had changed her passwords for trading platforms Binance and Coinbase and initiated transactions that emptied her accounts of crypto valued at around $80,000 at the time.

“It was like someone coming through the window or backdoor into your house,” Ms. Maguina said. “You feel that there’s nothing you can do.”

Criminals have a history of stealing money from wealthy or well-known crypto investors through SIM swaps, or switching a phone number from one device’s subscriber identity module to another. But the crypto boom among mom-and-pop investors has led hackers to increasingly circle targets like Ms. Maguina, according to cybersecurity experts, lawyers and law-enforcement officials.


Newsletter Sign-up

WSJ Pro Cybersecurity

Cybersecurity news, analysis and insights from WSJ’s global team of reporters and editors.


The attacks on small investors have sparked legal battles with cellphone carriers, led customers to change plans and pushed some telecom companies to tweak security measures. Law-enforcement agencies are trying to team up across jurisdictions in response to a broadening pool of potential victims. The Federal Communications Commission is honing rules for wireless carriers aimed at limiting SIM-swap fraud, proposing tighter restrictions on how they switch numbers between devices and carriers.

Some wireless companies say federal rules could make matters worse for consumers.

AT&T Inc. on Monday said the agency’s proposed regulations could give hackers a blueprint for attacks and add friction for legitimate customers who need to switch devices or carriers. AT&T said customers make hundreds of thousands of such requests a month. A fraction of 1% of them—potentially totaling thousands—are fraudulent, the company said.

“Carriers must be agile and innovative in fighting fraud and should not be anchored by prescriptive requirements tied to specific technologies or methods,” AT&T said.

The company warned against some measures floated by the FCC, such as notifications to phone users of SIM-swap requests and potential 24-hour delays to execute them.

Customers conduct SIM swaps when they take their numbers to new phones, while the related act of “porting out” switches numbers to different carriers. Hackers can impersonate phone users with various types of account information or personal data, said Kevin Lee, lead author of a 2020 Princeton University study on SIM swaps.

The process can take “no more than 10 minutes, barring the customer-hold music and stuff like that,” said Mr. Lee, whose team was able to exploit authorization measures for prepaid plans offered by AT&T, T-Mobile US Inc. and Verizon Communications Inc. Mr. Lee said most customers for the firms, which dominate the domestic wireless market, have postpaid plans that could have different security measures.

AT&T told the FCC that it uses data-analytics tools to gauge the risk of postpaid customers’ SIM-swap requests. A spokesman for Verizon said it requires postpaid customers to use a one-time passcode when attempting to switch to another carrier. T-Mobile allows customers requesting SIM swaps by phone to use their account PIN, a one-time passcode or two-factor authentication, a representative said. The firm discontinued the use of logs showing recent incoming or outgoing call numbers in its authentication process following the Princeton study.

US Mobile, an upstart New York-based carrier with about 150,000 customers, has prohibited SIM swaps by phone and directs customers to its app, where it can vet their internet-protocol addresses and biometric data, Chief Executive Ahmed Khattak said.

“A lot of these hacking things are happening because of social engineering,” he added, referring to hackers tricking or co-opting wireless employees.

Criminals use the hijacked phone numbers to access victims’ financial or social-media accounts, often duping multifactor authentication measures based on text messages. A British man in 2019 allegedly stole $784,000 from a crypto-infrastructure firm in New York using a SIM swap, according to an indictment unsealed this month. The man allegedly took over an executive’s phone number, accessed internal computer systems and transferred funds from a clients’ digital wallet.

Ahmed Khattak, chief executive and founder of US Mobile.

Photo: US Mobile

Hackers’ apparent shift toward individual investors has added a layer of complexity to ensuing investigations, said David Berry, an agent at React Task Force, a Bay Area investigative group focused on cybercrime.

“If you come to [prosecutors] with a $1 million loss, you’ll get their attention,” he said. “If you come to them with a $10,000 or $20,000 loss, you might not.”

Such losses can nevertheless be huge for investors like Richard Harris, an independent contractor in Philadelphia.

“It felt as if someone had taken my 401(k) or my Social Security,” he said.

Mr. Harris sued T-Mobile in July, alleging the company’s practices didn’t meet federal standards and allowed a hacker to take over his phone number in 2020 and steal bitcoin worth nearly $15,000 at the time, and more now.

T-Mobile declined to comment on the suit but motioned to move the case to arbitration. Like Verizon and AT&T, the company requires arbitration to resolve disputes in its terms of service, often leading to closed-door settlements.

“If you come to [prosecutors] with a $1 million loss, you’ll get their attention. If you come to them with a $10,000 or $20,000 loss, you might not.”

— David Berry, an agent at React Task Force, an investigative group focused on cybercrime

Amid mounting complaints, the FCC in September proposed regulations mandating wireless companies verify users’ passwords or send one-time passcodes. The rules would also require companies to tighten procedures for changing lost or stolen passwords, and restrict what data employees could divulge by phone or in stores.

An official for the FCC, which warns that consumer data breaches can give fraudsters information they need for SIM swaps, said the rule making could take several months.

Wireless industry trade group CTIA called for flexibility in the regulations and urged financial institutions and social-media companies to similarly bolster how they verify users.

Coinbase, the largest U.S.-based cryptocurrency exchange, uses machine-learning models to predict risks to users who request password changes, restricting trades on suspicious accounts, a company official said. Real-time SIM-swap data from carriers would help Coinbase’s screening process, the official added, but not all providers share information quickly. He declined to name them.

The official said Coinbase’s account-takeover rate has remained consistent as the platform has gained users, declining to provide detailed numbers. Binance, the world’s largest crypto exchange, didn’t respond to a request for comment.

Since Ms. Maguina’s phone number was taken over on July 5, bitcoin has climbed more than 70% in price to about $59,000 apiece as of Saturday.

“I don’t follow it anymore,” the 53-year-old said. “I don’t need to make this worse than what it is.”

Write to David Uberti at david.uberti@wsj.com

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article Supply-Chain Problems Show Signs of Easing Supply-Chain Problems Show Signs of Easing
Next Article DigitalBridge Rides Wave of Investment in Digital Infrastructure DigitalBridge Rides Wave of Investment in Digital Infrastructure

Editor's Pick

Used Cybertrucks plunge in worth as Musk’s nightmare yr will get worse

Used Cybertrucks plunge in worth as Musk’s nightmare yr will get worse

Homeowners of Tesla’s Cybertruck hoping to commerce of their autos to Tesla dealerships are actually studying that the worth of…

By Editorial Board 4 Min Read
Japan to Start Medical Trials for Synthetic Blood This 12 months
Japan to Start Medical Trials for Synthetic Blood This 12 months

credit score – Adrian Sulyok on Unsplash Japan is the primary nation…

4 Min Read
Richmond crow gained’t heed the message to go away
Richmond crow gained’t heed the message to go away

DEAR JOAN: I've had success with a pretend useless crow previously, not so…

4 Min Read

Oponion

Disappointing Meta, PayPal Earnings Send Shudders Through Stock Market

Disappointing Meta, PayPal Earnings Send Shudders Through Stock Market

Facebook’s parent company shed more than $230 billion in market…

February 4, 2022

Farmers react to Trump’s plan to fight egg disaster

Vp of Eggs Limitless Brian Moscogiuri…

March 3, 2025

Flying Motorcycles, Better E-Bikes and More Personal Transportation to Come

The Future of Everything covers the…

November 8, 2021

Kanye West to Buy Libertarian Social-Media Platform Parler

Listen to article(1 minute)Parler says Kanye…

October 17, 2022

Megyn Kelly Blasts Blake Energetic at Time100 Gala: ‘She Has No Affect Over Something’

Studying Time: 3 minutes The transfer…

April 26, 2025

You Might Also Like

The Landscape of International Trade in 2025: Constant Evolution and Strategic Shifts
TechTrending

The Landscape of International Trade in 2025: Constant Evolution and Strategic Shifts

The international trade landscape is in constant flux, and the year 2025 is no exception. According to expert Manoel Gil…

3 Min Read
TLI Ranked Highest-Rated 3PL on Google Reviews
TechTrending

TLI Ranked Highest-Rated 3PL on Google Reviews

EXTON, PA — Translogistics, Inc. (TLI), a trailblazer in the 3PL and managed logistics space since its founding in 1994,…

12 Min Read
The Finest LED Face Masks and Pink-Gentle Remedy for At-Dwelling Therapies
Tech

The Finest LED Face Masks and Pink-Gentle Remedy for At-Dwelling Therapies

Finest Cooling LED Face Masks{Photograph}: SHARKShark CryoGlow Pink Blue & Infrared iQLED Face Masks & Underneath Eye CoolingThe Shark CryoGlow…

4 Min Read
Which Google Pixel Telephone Ought to You Purchase?
Tech

Which Google Pixel Telephone Ought to You Purchase?

Google Pixel telephones are our favourite Android telephones right here at WIRED and have been for a number of years.…

6 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?