Scott Melker Recounts How He Fell Victim to a SIM Swap Attack

Scott Melker, also known as the "Wolf of All Streets," says he was the victim of a SIM swap attack in February but managed to avoid losing any crypto assets.

In an Aug. 4 post on Melker’s website titled “Security Tips And Lessons Learned From My Hack,” the trader said he was able to protect access to his bank accounts, credit cards, and crypto exchanges after a hacker assumed his identity by tricking his phone carrier and diverted Melker’s communications to the hacker’s phone.

According to Melker, the hacker had access to his number and text messages — which would have given them access to all his funds if he’d relied on two-factor authentication (2FA) delivered via text message.

However, he used a form of 2FA (Google Authenticator, Authy) that was kept on a separate, offline device. “This is the single thing that largely saved me from the most damage,” said Melker.

“Even with my logins and passwords, they were unable to access my 2FA. This gave me enough time to contact my banks, credit cards, crypto exchanges, etc. and have my accounts locked.”

Words of warning

Hackers reportedly stole $8.7 in crypto assets from Reggie Middleton, CEO of crypto firm Veritaseum, in a series of T-Mobile SIM swap attacks in July 2017. Investor Michael Terpin also claims that he lost $24 million worth of crypto as a result of two AT&T SIM swap hacks that occurred between 2017 and 2018.

So how does Melker suggest avoiding a similar fate? 

“Never use SMS verification as a part of your 2FA,” Melker stated definitively. “[Hackers] are counting on this vulnerability in a SIM-Swap attack. 2FA is a double edged sword – it offers protection when used correctly (on a separate device), but allows easy access to everything if it is simply a text message to your phone – because the hacker will be receiving your texts and calls.”

He recommended using an authenticator (Google’s version over Authy, which he said could be hacked) on a separate, offline device and not on your present phone.

“The minute they swap your SIM card, everything on your present phone becomes a liability.”

He recommended using 2FA for all accounts, from social media to banking, and advised readers to stop using Chrome, which he said has “astounding” vulnerabilities. With regard to crypto assets in particular, Melker encouraged traders to remove their phone numbers from exchanges and keep their assets in cold storage.

“Clearly we cannot trust the phone companies to protect us,” he said.
