Scammer Spoofs SMS Identifier to Steal Funds From Bitcoin User

Published at: June 3, 2020

A Bitcoin (BTC) peer-to-peer exchange made on the HodlHodl platform went awry as a scammer appears to have used a SIM spoofing attack to make the seller believe he was about to receive the money.

The episode was reported on June 2 by a Reddit user going by the name of Gandeloft. According to the victim, he wanted to cash out his Bitcoin savings of 0.1747 BTC, worth $1677 as of press time. Through the HodlHodl platform, he found a merchant willing to offer 1650 Euro, or $1848, for the Bitcoins. This appears to have been higher than the going market rate at the time due to the sudden Bitcoin price slip, which saw it reverse the gains made less than 24 hours earlier.

The buyer offered to use the Revolut app to settle the trade, asking for the victim’s phone number to make the payment. The victim then received a realistic SMS that purportedly came from Revolut, saying that the transfer was pending, and would be cleared in a few hours due to “difference in locations.”

At first glance, the message came from the same identifier that sent two-factor authentication codes, making it appear genuine. Although the user did not see the money in the Revolut app, the scammer successfully pressured the victim into releasing his BTC from escrow.

The victim told Cointelegraph that Revolut confirmed that the SMS did not come from them, while the merchant platform HodlHodl refused to provide any additional data that could help catch the perpetrator. According to the victim, the platform replied by saying, "We do not provide any information about our users. You can contact your bank and find out all the details". In this case, however, no bank-traceable transactions actually occurred.

Cointelegraph requested comment from Revolut and HodlHodl, but did not immediately receive a response.

SIM-based attacks getting more common

Phishing attacks are generally easy to recognize, but the ability to spoof official addresses can give them added credibility. SIM spoofing is relatively easy to perform and very difficult to discover, though the specifics vary by country. Carriers are nevertheless able to determine the true origin of a spoofed SMS.

Mobile networks are also vulnerable to a more serious attack called SIM swapping. This can be done by tricking customer support into swapping phone numbers with a different provider, though there are several other methods.

Lending provider BlockFi recently suffered a data leak where an employee’s phone number was swapped to gain access to internal records.

Exchange users have also been targeted by such attacks through the years, with one high-profile case resulting in the alleged loss of $24 million through a SIM swap performed on the AT&T network.
