Scott Melker Recounts How He Fell Victim to a SIM Swap Attack

Published at: Aug. 5, 2020

Scott Melker, also known as the "Wolf of All Streets," says he was the victim of a SIM swap attack in February but managed to avoid losing any crypto assets.

In a Aug. 4 post on Melker’s website titled Security Tips And Lessons Learned From My Hack, the trader said he was able to protect access to his bank accounts, credit cards, and crypto exchanges after a hacker assumed his identity by tricking his phone carrier and diverted Melker’s communications to the hacker’s phone.

According to Melker, the hacker had access to his number and text messages — which would have given them access to all his funds if he’d relied on two-factor authentication (2FA) delivered via text message.

However he used a form of 2FA (Google Authenticator, Authy) which was kept on a separate, offline device. “This is the single thing that largely saved me from the most damage,” said Melker.

“Even with my logins and passwords, they were unable to access my 2FA. This gave me enough time to contact my banks, credit cards, crypto exchanges, etc. and have my accounts locked.”

Words of warning

Hackers reportedly stole $8.7 in crypto assets from Reggie Middleton, CEO of crypto firm Veritaseum, in a series of T-Mobile SIM swap attacks in July 2017. Investor Michael Terpin Terpin also claims that he lost $24 million worth of crypto as a result of two AT&T SIM swap hacks that occurred between 2017-2018.

So how does Melker suggest avoiding a similar fate? 

“Never use SMS verification as a part of your 2FA,” Melker stated definitively. “[Hackers] are counting on this vulnerability in a SIM-Swap attack. 2FA is a double edged sword – it offers protection when used correctly (on a separate device), but allows easy access to everything if it is simply a text message to your phone – because the hacker will be receiving your texts and calls.”

He recommended using an authenticator (Google’s version over Authy which he said could be hacked)  on a separate, offline device and not on your present phone.

“The minute they swap your SIM card, everything on your present phone becomes a liability.”

He recommended using 2FA for all accounts, from social media to banking, and to stop using Chrome, which he said has “astounding” vulnerabilities. In regards to crypto assets in particular, Melker encouraged traders to remove their phone numbers from exchanges, and keep their assets in cold storage.

“Clearly we cannot trust the phone companies to protect us,” he said.

Tags
Regulation
Law
Hackers
Crimes
Security
Related Posts
Hackers Sell Data of 129 Million Russian Car Owners for Bitcoin
The major cryptocurrency, Bitcoin (BTC), continues to be actively used for illicit activity. Anonymous hackers have taken the data of over 129 million Russian car owners to expose it on the darknet in exchange for cryptocurrency. The leaked information includes the full names, addresses, passport numbers and other data belonging to millions of Russian car drivers, Russian news agency RBC reported May 15. The stolen data is claimed to be leaked from the registry of Russia’s patrol jurisdiction, the General Administration for Traffic Safety of the Ministry of Internal Affairs of Russia. The authenticity of data has reportedly been confirmed …
Regulation / May 15, 2020
Australian Hacker Sentenced to 2 Years in Prison for $300K XRP Theft
A judge has sentenced Australian citizen Kathryn Nguyen to a maximum time of 2 years and 3 months in prison for her role in stealing more than 100,000 XRP tokens in January 2018. According to an Aug. 11 report in Australian publication Information Age, Nguyen was sentenced over the theft of more than $300,000 in XRP two years ago. She was initially charged in Oct. 2018 and pled guilty to fraud charges the following August. Chris Craigie, the judge presiding over Nguyen’s case, said it was a “difficult and troubling decision” to send her to prison. The Australian national will …
Regulation / Aug. 11, 2020
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022
Has New York state gone astray in its pursuit of crypto fraud?
The Empire State made two appearances on the regulatory stage last week, and neither was entirely reassuring. On April 25, bill S8839 was proposed in the New York State (NYS) Senate that would criminalize “rug pulls” and other crypto frauds, while two days later, the state’s Assembly passed a ban on non-green Bitcoin (BTC) mining. The first event was met with some ire from industry representatives, while the second drew negative reviews, too. However, this may have been more of a reflex response given that the “ban” was temporary and principally aimed at energy providers. The fraud bill, sponsored by …
Adoption / May 2, 2022
Prosecutors want to claim NFTs as securities, alleges legal team of former OpenSea employee
Lawyers representing Nathaniel Chastain, the former OpenSea product manager accused of insider trading, have claimed United States authorities only filed charges in an attempt to set legal precedent that nonfungible tokens are securities. In a Friday filing with the Southern District of New York court, Chastain’s legal team from Greenberg Traurig filed a motion to dismiss the indictment against him, which included allegations of wire fraud and money laundering related to an NFT insider trading scheme from June to September 2021. The lawyers argued that the charges against the former OpenSea employee were invalid in part “because the NFTs at …
Nft / Aug. 22, 2022