This weekend I was the target of a SIM Swapping hack. Long story short, an attacker tricked (or colluded with) someone at AT&T into forking over control of my phone number, which they then used to back-door their way into my email accounts through SMS-based recovery.
Once they gained access to my email accounts, they were then able to reset passwords and bypass 2FA on all of my crypto accounts. Coinbase, Binance, Blockchain, Bittrex, Cryptopia, you name it... they got into it.
This is my raw and unfiltered reaction to being hacked, just 90 minutes after it started / I was able to shut it down:
90 minutes was all they needed to steal everything I had on these accounts. The scary part is that my operational security is most likely higher than the average bear (pun intended), but I was still compromised. Which means... it's probably time that you re-visit your own OpSec.
There are A LOT of important lessons to be learned here:
Use Google Authenticator or Authy for 2FA wherever possible, especially on your email accounts. SMS-based 2FA is WEAK and can be bypassed through SIM Swapping attacks.
Maybe your technical security is good, but what about your social security? Are you protected against social engineering?
Buy a hardware wallet! (Trezor Model T, KeepKey, Ledger Nano X)
Use your hardware wallet!
THANK GOD FOR HARDWARE WALLETS!
This is a huge, teachable moment for me. I'll be back... soon... with a video recap of this entire experience once I'm ready to share more details about the ongoing investigation.
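The chain described in this post (phone number, then SMS-based email recovery, then password resets on the exchange accounts) can be checked against your own account inventory. The following is an added example, not part of the original post: a small Python audit that computes which accounts fall once one asset is taken over. The account names, credential labels and recovery settings are constructed assumptions.

```python
# Added example: audit which accounts fall if one asset (e.g. the phone number)
# is taken over. All names and recovery settings below are constructed.

def reachable(accounts, initial):
    """Return every asset an attacker controls, starting from `initial`.

    `accounts` maps an account name to a list of takeover paths; each path is
    a set of assets that must ALL be controlled to take over that account.
    """
    owned = set(initial)
    changed = True
    while changed:  # fixed point: each pass may unlock further accounts
        changed = False
        for name, paths in accounts.items():
            if name not in owned and any(path <= owned for path in paths):
                owned.add(name)
                changed = True
    return owned


def exposed_accounts(accounts, initial):
    """Accounts (not raw credentials) that fall once `initial` is lost."""
    return sorted(reachable(accounts, initial) & set(accounts))


# Constructed "before" inventory: email recoverable by SMS, exchanges reset via email.
BEFORE = {
    "email": [{"email_password", "totp_device"}, {"phone_number"}],
    "exchange_a": [{"exchange_a_password", "totp_device"}, {"email"}],
    "exchange_b": [{"exchange_b_password", "phone_number"}, {"email", "phone_number"}],
    "hardware_wallet": [{"wallet_device", "wallet_pin"}],
}

# Constructed "after" inventory: SMS recovery removed, app-based 2FA needed for resets.
AFTER = {
    "email": [{"email_password", "totp_device"}],
    "exchange_a": [{"exchange_a_password", "totp_device"}, {"email", "totp_device"}],
    "exchange_b": [{"exchange_b_password", "totp_device"}, {"email", "totp_device"}],
    "hardware_wallet": [{"wallet_device", "wallet_pin"}],
}

if __name__ == "__main__":
    print("before:", exposed_accounts(BEFORE, {"phone_number"}))
    print("after: ", exposed_accounts(AFTER, {"phone_number"}))
```

Replace the constructed inventories with your own accounts and their real recovery options; any account that appears in the output for `{"phone_number"}` still depends on the carrier.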
This post was shared in the Curation Collective Discord community for curators, and upvoted and resteemed by the @c-squared community account after manual review.
@c-squared runs a community witness. Please consider using one of your witness votes on us here.
I've always heard about these sorts of things. The attacker must know you are a crypto lover to even start such a process.
Agreed, I was definitely targeted.
That is certainly frightening. Nice video by the way.
Thank you