SIM

xpresstuning

You can import that in any wallet. Download Bluewallet, add a Storage Encryption password, and import the seed-phrase. Bluewallet has the most comprehensive recovery possible; It WILL recover anything. If you plan on using the wallet again, I'd recommend doing this procedure on a factory-reset Android device with no SIM. If not, transfer any funds out, if any, to an exchange.

Emergency_Car_10

Just to clarify: I used an iPhone that was in airplane mode, no WiFi, no SIM, just running the wallet generator in Safari that I had opened before disconnecting. I physically wrote down the seed with a pen, no screenshots or Notes. That’s why I’m still so confused — the only explanation seems to be that the site itself was compromised.

xpresstuning

I'd recommend a Bitcoin-only, 100% open-source and audible software wallet. - Bluewallet - Electrum (Mobile version) - Sparrow wallet - Blockstream App - Nunchuk These would be the best; and here's a strategy you can use with Bluewallet as a long-term storage solution without the use of a hardware "wallet". - Factory-reset an android/ios device you've got around. No SIM. Connect it to your encrypted WiFi. Install Bluewallet and encrypt it (add a password). Make the wallet, and add a passphrase to it. - Write down the seed-phrase, passphrase and derivation path, and export the public master key (xPub). - Delete everything, factory reset again and turn it off indefinitely. Should have taken you ~ 5 minutes to write everything down, so the device was only connected for 5 to 10 minutes - which is an astronomically low risk factor, a non-issue. - Now, just install Bluewallet on your personal phone and import the xPub. You now have a "Watch-Only" wallet. A "Watch-Only" wallet in BlueWallet lets you monitor your Bitcoin balance and generate new receiving addresses without storing your private key, ensuring enhanced security by keeping your funds safe from unauthorized access. You can use your "Watch-Only" wallet in Bluewallet to accumulate Bitcoin forever.

xpresstuning

If long-term storage is what you want, you merely need to create the wallet with as many risk mitigating factors as possible; you do this once. you can either use a fresh USB with Tails OS + Electrum, or a factory-reset phone with no SIM. You back up your seed-phrase, passphrase, derivation path and public master key. You then delete/destroy everything. You export the master public key (xPub). You can then import that xPub anywhere as a "Watch-Only" wallet to receive Bitcoin. You don't need a signing device for that. I use a "Watch-Only" wallet that can generate receiving addresses. I can import my xPub anywhere, on any wallet, on any phone. Currently, I use Bluewallet. I can accumulate Bitcoin and monitor every single transaction. 5 years from now, when I'll inevitably replace my phone, I'll install Bluewallet and import my xPub again. A decade from now if Bluewallet isn't available, I'll use a different wallet and import my xPub there. I don't mean to argue, I'm just passionate about Bitcoin and witnessing how deceptive the marketing for these hardware "wallets" are, and the over-relience on this middle-man, people need to be aware that other options to preserve their multi-generational wealth exists. As long as your aware of that, do what you believe is right with your wealth.

Radiokot1

1. Your smartphone has various interfaces, radio and physical, through which it can be hacked 2. It is never offline. It is connected to cell towers even without a SIM card 3. You can't neither control nor verify the software running on your smartphone. Beside the main OS, it has proprietary closed-source code running in radio chips 4. If it is an old smartphone never connected to the Internet, it doesn't have the latest security updates for the operating system and could probably be hacked in 0 clicks by simply connecting it to a computer 5. All the cryptographic operations are done in a general purpose CPU On the other hand: 1. Hardware wallet is a bare minimum device designed specifically for signing transactions, it doesn't have unnecessary unsafe interfaces 2. You can verify the software running on it 3. A hardware wallet uses a dedicated secure chip to store the keys and do the signing

Previous-Flan-9343

One morning, I woke up to find that my phone had lost service. At first, I thought it was just a temporary glitch, but as the hours passed, I realized something was seriously wrong. When I finally regained access to my phone, I was met with a shocking revelation: my exchange account had been drained of $80,000. It was a devastating blow, and I quickly learned that I had fallen victim to a SIM swap attack. The hackers had managed to bypass my two-factor authentication (2FA) by transferring my phone number to a new SIM card in their possession. This allowed them to gain access to my accounts and drain my funds without my knowledge. The realization that my personal information had been compromised was overwhelming, and I felt a mix of anger and fear. I sought help from PROFICIENT EXPERT CONSULTANT, a team specializing in digital security breaches. PROFICIENT EXPERT CONSULTANT conducted a thorough analysis of the attack and quickly identified the fraudulent SIM transfer request that had led to my financial loss. Their expertise was invaluable as they tracked the stolen funds to a known laundering service, notorious for facilitating such illicit activities. With the assistance of PROFICIENT EXPERT CONSULTANT, I was able to pressure the exchange into reversing some of the unauthorized withdrawals. After a tense negotiation, I managed to recover $35,000 of my lost funds. The recovery process was intense and required constant communication with both the exchange and PROFICIENT EXPERT CONSULTANT. They provided me with regular updates, which helped ease my anxiety during this tumultuous time. I cannot emphasize enough how crucial it is to seek professional help from [PROFICIENTEXPERT@CONSULTANT.COM](mailto:PROFICIENTEXPERT@CONSULTANT.COM) telegram: PROFICINEXPERT if you find yourself in a similar situation. The expertise of this dedicated recovery team can make a significant difference in navigating the complexities of digital fraud. PROFICIENT EXPERT CONSULTANT understands the intricacies of the systems involved and can effectively advocate on your behalf.If you ever find yourself a victim of a cyber attack, I highly recommend reaching out to PROFICIENT EXPERT CONSULTANT. The road to recovery may be challenging, but with the right support from PROFICIENT EXPERT CONSULTANT, it is possible to regain what was lost and move forward.

xpresstuning

Bluewallet is a good choice; it's my favorite Bitcoin-only wallet. It's elegant in its simplicity and packed with a wealth of strong security features and risk mitigating factors. However, I would not store Bitcoin on it or any software wallet on a personal, internet-connected device. Even if you delete your private keys off your phone, you still generated them on your personal phone. It's a very vulnerable device. It's packed with apps, and you frequently use it on the internet. However, if you want a setup that provides a use case for long-term storage on a software wallet, I recommend the following; Also, a second phone is required. - Factory reset the phone, no SIM, and connect it to your own password-secured WiFi. Get Bluewallet and encrypt it (by adding a password), make the wallet, and add a passphrase. Write everything down. Export the xPub. - Delete everything, factory-reset the phone again, and turn it off indefinitely. - Install Bluewallet on your personal phone and import the xPub. Thus, you have a "Watch-Only" wallet that only exists to receive Bitcoin - the "Watch-Only" can create receiving addresses - and monitor transactions. The keys do not exist anywhere except on the piece of paper you wrote it down. Encrypt it again for good measure. The only vulnerability is the length of time you had your factory-reset phone connected on your WiFi. As a security risk, it's an astronomically low security risk. If it's a 5 to 10-minute connection, then it's a complete non-issue. You can even write down your xPub or print out the QR code (they usually also offer a QR code) so you can import the xPub as a "Watch-Only" wallet on another phone, or another wallet. Key points: - Software wallet MUST be Bitcoin-only (lowest attack surface) - Software wallet MUST be 100% open-source and audible. What I recommend: - Stamp your seed-phrase and your derivation path on a piece of metal. And stamp your passphrase on another piece of metal. Keep them separate and secured.

xpresstuning

Hardware wallets are just a way to create your seed-phrase and/or passphrase completely offline, eliminating exposure. If you want a setup that provides a use case for long-term storage on a software wallet, I recommend the following; Also, a second phone is required. - Factory reset the phone, no SIM, and connect it to your own password-secured WiFi. Get Bluewallet (my personal favorite Bitcoin-only software wallet) and encrypt it (by adding a password), make the wallet, and add a passphrase. Write everything down. Export the xPub. - Delete everything, factory-reset the phone again, and turn it off indefinitely. - Install Bluewallet on your personal phone and import the xPub. Thus you have a "Watch-Only" wallet that only exists to receive Bitcoin and monitor transactions. The keys do not exist anywhere except on the piece of paper you wrote it down. Encrypt it again for good measure. The only vulnerability is the length of time you had your factory-reset phone connected on your WiFi. As a security risk, it's an astronomically low security risk. If it's a 5 to 10 minutes connection, then it's a complete non-issue. You can even write down your xPub or print out the QR code (they usually also offer a QR code) so you can import the xPub as a "Watch-Only" wallet on another phone, or another wallet. Key points: - Software wallet MUST be Bitcoin-only (lowest attack surface) - Software wallet MUST be 100% open-source and audible.

angrySprewell

I never wrote that the BTC was stored on her phone.. you just wanted to take a shit on a comment since you could tell I didn't read the article. My point is still valid, corrected for Canadian currency or not. How about this; opsec for 12.5 BTC involving your phone's SIM is cavalier as fuck. Is that better, or do you just want to dismiss the point because I didn't read the same shitty article you did?

xpresstuning

The point and main function of a hardware wallet is to generate your keys completely offline, thus eliminating any risk of online exposure. Whatever additional features a hardware wallet comes with is for mitigating user risk, for the most part. There are many different "flavors" of hardware wallets, but their primary main function - why they exist - is the exact same thing. You'll get people that are tribal over their purchase, naturally, ignore that noise. **Your comfort level of the amount of Bitcoin you will hold is what will decide how many risk-mitigating factors you want to include in your storage setup.** Before thinking of cold storage, there's one key aspect i abide by 100% as a major risk mitigating action: * **A wallet MUST be Bitcoin-only.** It simply lowers the attack surface a thousand fold by eliminating all the risk associated with the bullshit that is "web3", "dApps", "NFTs", etc. For long-term storage goals, avoid them like the plague. In your case, you could make a simple setup without the need of interacting with a hardware wallet. By adding risk-mitigating actions, step-by-step, to a point where your wallet is as likely to get hacked as your private key - which is astronomically low. Here's one way that involves an extra smartphone/tablet and Bluewallet, which i think is the best mobile software wallet available (huge fan): 1. Factory-reset the extra device. No SIM card. 2. Connect it to your own password-secured Wi-Fi. 3. Installed Bluewallet, and encrypt it by adding a password. This encrypts the data. 4. Create wallet (write down the seed phrase). 5. Import said wallet to create a **passphrase** (write down the passphrase), thus a different wallet. It's an additional layer of protection. 6. Export the master public key (xPub) of this wallet **(12 word seed-phrase + passphrase)** and write down some details regarding it (like the derivation path). It will be a string of text and a QR code. Back it up however you want. 7. Uninstall Bluewallet, factory-reset the extra device, then disconnected it from your Wi-Fi. Turn the phone completely off, indefinitely. 8. Install Bluewallet on your personal phone and import the xPub. Thus you have a "Watch-Only" wallet that only exists to receive Bitcoin and monitor transactions. The keys do not exist anywhere except on whatever you wrote it down. Encrypt it again for good measure. How you store the seed-phrase, passphrase and derivation path is up to you. The one, single vulnerability here is the length of time you had your factory-reset phone connected on your WiFi. Even a 30 minute connection given all the factors involved is a preposterously low risk. If it's 5 to 10 minutes, then it's a non-issue.

xpresstuning

Also, if you want a setup that provides a use case for long-term storage on a software wallet, I recommend the following; Also, a second phone is required. - Factory reset the phone, no SIM, and connect it to your own password-secured WiFi. Get Bluewallet (my personal favorite Bitcoin-only software wallet) and encrypt it (by adding a password), make the wallet, and add a passphrase. Write everything down. Export the xPub. - Delete everything, factory-reset the phone again, and turn it off indefinitely. - Install Bluewallet on your personal phone and import the xPub. Thus you have a "Watch-Only" wallet that only exists to receive Bitcoin and monitor transactions. The keys do not exist anywhere except on the piece of paper you wrote it down. Encrypt it again for good measure. The only vulnerability is the length of time you had your factory-reset phone connected on your WiFi. As a security risk, it's an astronomically low security risk. If it's a 5 to 10 minutes connection, then it's a complete non-issue. You can even write down your xPub or print out the QR code (they usually also offer a QR code) so you can import the xPub as a "Watch-Only" wallet on another phone, or another wallet. Key points: - Software wallet MUST be Bitcoin-only (lowest attack surface)

farkinga

This is certainly interesting but there's one claim that I would want to see support for: > DTC doesn’t require routers, towers, or a traditional SIM. It connects directly from satellite to any compatible device—including embedded modems in “air-gapped” voting systems, smart UPS units, or unsecured auxiliary hardware. If this is the case, there ought to be physical evidence; there must be a cellular device somewhere. It's never stated but is that allegedly where the UPS comes in? And were the UPS devices, in fact, connected via USB to voting machines? TBH, the entire chain of connections is plausible - but there are quite a few claims that can be fact checked. If the claims are true, there must be evidence to support it. Also, BallotProof does not seem like an integral part of this plan. It was a hackathon project; a proof of concept. I do think it is an interesting piece of circumstantial evidence - and wildly suspicious - but I'm confident it's not part of the final exploit. It could well have influenced it, however. I'll say this: if somebody shows evidence of a modem in a UPS device, that would be pretty damning. As it is, this specific essay loosely stitched together several interesting details - and it could even be right - but there are some gaps that require evidence.

coinfeeds-bot

tldr; A Canadian woman, Raelene Vandenbosch, is suing Rogers Communications and Match Transact Inc. after losing 12 Bitcoin (worth $531,000 in 2021, now $1.8 million) in a SIM swap scam. She alleges a Match-owned mobile store employee shared her information with a hacker, enabling the theft. The British Columbia Supreme Court ruled most of the case must go to arbitration, except for a public admission of wrongdoing. Vandenbosch accuses the companies of negligence and breach of privacy, while Rogers denies fault and highlights evolving fraud risks. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.

xpresstuning

Storing the private key on anything with internet access is absolutely not recommended, yes. But to create one, It's fine if it's on an Android/iOS device that is: - Factory-reset - Has no SIM card - Is online only on your password-secured WiFi for as long as it takes you to create said wallet + a passphrase, write everything down and export the xPub. Roughly 5 to 10 minutes. - Software wallet has encryption available, ex. you can make a password before creating the wallet - which encrypts the private key. Further lowering the astronomically low risk that a factory-reset phone with no SIM might be compromised while it's online for 5 minutes. - Said phone is factory-reset again, everything deleted, then disconnected and turned off indefinitely. Thus you've got a "Watch-Only" wallet via the xPub, which can only receive Bitcoin and monitor transactions. The private key does not exist anywhere, except on the piece of paper you've wrote them down.

xpresstuning

Yes. But you need to make the process of creating said wallet as secured as possible. If you've got another phone, then you can make a pretty fucking secure "Watch-Only" wallet; - Factory reset the phone, no SIM, and connect it to your own password-secured WiFi. Get Bluewallet (my personal favorite Bitcoin-only software wallet) and encrypt it (by adding a password), make the wallet, and add a passphrase. Write everything down. Export the xPub. - Delete everything, factory-reset the phone again, and turn it off indefinitely. - Install Bluewallet on your personal phone and import the xPub. Thus you have a "Watch-Only" wallet that only exists to receive Bitcoin and monitor transactions. The keys do not exist anywhere except on the piece of paper you wrote it down. Encrypt it again for good measure. The only vulnerability is the length of time you had your factory-reset phone connected on your WiFi. As a security risk, it's an astronomically low security risk. If it's a 5 to 10 minutes connection, then it's a complete non-issue. This setup provides a use case for long-term storage for a software wallet. You can safely store indefinitely. As long as you do not touch your seed-phrase & passphrase. 2 key points though: - Wallet MUST be Bitcoin-only. - Wallet MUST be completely open-source and audible.

xpresstuning

I'd just keep it on Kraken if you're planning to get a hardware wallet in the foreseeable future (a few months). Your personal phone might be compromised, and storing your seed phrase on your phone may be a problem. If you've got another phone, then you can make a pretty fucking secure "Watch-Only" wallet; - Factory reset the phone, no SIM, and connect it to your own password-secured WiFi. Get Bluewallet and encrypt it (by adding a password), make the wallet, and add a passphrase. Write everything down. Export the xPub. - Delete everything, factory-reset the phone again, and turn it off indefinitely. - Install Bluewallet on your personal phone and import the xPub. Thus you have a "Watch-Only" that only exists to receive Bitcoin and monitor transactions. The keys do not exist anywhere except on the piece of paper you wrote it down. Encrypt it again for good measure. The only vulnerability is the length of time you had your factory-reset phone connected on your WiFi. As a security risk, it's an astronomically low security risk. If it's a 5 to 10 minutes connection, then it's a complete non-issue. This setup provides a use case for long-term storage for a software wallet. You can safely store indefinitely. 2 key points though: - Wallet MUST be Bitcoin-only. - Wallet MUST be completely open-source and audible.

xpresstuning

You could use Bluewallet as "cold" storage with little to no risk; 1. Factory-reset an extra smartphone i had. No SIM card at all. 2. Connected it to my own password-secured Wi-Fi. 3. Installed Bluewallet, then created wallet (wrote down the seed phrase). 4. Imported said wallet to create a passphrase (wrote down the passphrase), thus a different wallet. It's a really nice, additional layer of protection. 5. Exported the master public key of this wallet (12 word seed-phrase + passphrase) and wrote down some stuff regarding it (like the derivation path). 6. Uninstalled Bluewallet, factory-reset the extra smartphone then disconnected it from my Wi-Fi. Turned the phone completely off. 7. Imported said wallet (12 word seed-phrase + passphrase) in Bluewallet as "Watch-only" on my personal phone. It exists only to receive BTC. The risk is how long you've kept the factory-reset device online. If you've only kept it for 5 to 10 minutes, then the risk is pretty much 0, and the Watch-Only wallet is pretty fucking secure.

xpresstuning

Don't know if this is a bot or not, but since you already purchased Tangem, I highly recommend setting up a seed-phrase and ONLY using Bitcoin with it. Never fiddle around with "web3" apps, never use the Tangem wallet for anything other than storing Bitcoin. And for future reference, avoid shitcoin wallets (wallets that support 100s of coins). Whether "hot" or "cold", avoid them like the plague. They're highly vulnerable because their attack surface is huge. Every single, and I mean EVERY SINGLE time a hack/scam happened, a shitcoin wallet was involved. Use a Bitcoin-only wallet. Even properly managed Bitcoin-only "hot wallets" are better than products like Tangem or Ledger. Bluewallet, Blockstream and Nunchuk are viable options. IF properly managed - by that I mean your private key is not on your device. For example: Bluewallet (my favorite software wallet) You use a factory-reset Android phone with no SIM connected to your password encrypted WiFi. You only have it connected to the internet for as long it takes you to encrypt Bluewallet's data (enable password) , thus encrypting the private key, creating the wallet, plus a passphrase (writing it down obviously) and exporting the xPub. A grand total of 5 to 10 minutes. Then disconnect, delete everything, factory reset it again a turn it off completely. You then install Bluewallet on your personal phone, and add the xPub (public key) to it as a "Watch-Only" Bitcoin wallet. It exists only to receive BTC and monitor transactions. The keys do not exist anywhere else other than what you wrote them on. Encrypt Bluewallet as well for good measure. This setup is infinitely more secure than either Tangem or Ledger.

xpresstuning

I would never trust something like Ledger or Tangem. You can create your own "cold" storage that's highly secure by generating the wallet a in Bitcoin-only software wallets (Bluewallet is my recommended app for this) on a secure device - which would be a factory-reset Android device with no SIM. Use a password encrypted, personal Wi-Fi. Once done, and after adding a passphrase as an additional layer of security, you write them down on paper and export the xPub. Then, factory reset the phone again and turn it off completely. Done. Your seed-phrase and passphrase were potentially vulnerable for a grand total of 5 to 10 minutes. And if you encrypted the stored seed in Bluewallet (via a password that you can enable), then the data was also encrypted. That xPub is a public key designed to monitor transactions and only receive Bitcoin. You can not send. It doesn't have any keys stored. You then import the public key in any wallet as a "Watch-Only" wallet. Done, long-term "cold" storage.

xpresstuning

You either buy a hardware wallet - the best budget friendly one is Trezor Safe 3. For 80$, it's more than a good investment to secure your funds long-term. Or you can create your own "cold" storage that's as secure by generating the wallet offline in Bitcoin-only software wallets (Bluewallet is my recommended app for this) on a secure device - which would be an offline, factory-reset Android device with no SIM. You would get the github APK and transfer it via SDcard. Once done, and after adding a passphrase as an additional layer of security, you write them down on paper and export the xPub. Then, the factory reset the phone again and turn it off completely. That xPub is a public key designed to monitor transactions and only receive Bitcoin. You can not send it. It doesn't have any keys stored. You then import the public key in any wallet as a "Watch-Only" wallet. Done, long-term "cold" storage. The hassle arrives when you need to send Bitcoin. Signing offline isn't beginner friendly. And I don't think Bluewallet supports that feature. The hardware wallet simplifies this process entirely. But I like to have options and to lay them down to anyone interested in self-custody.

aaaanoon

Second phone, no SIM. Airplane mode. Side load wallet apps. Sign transactions via qr code.. don't need crypto wallets. Added bonus -If someone finds it they have no idea you have crypto

xpresstuning

Do what i did: 1. Factory-reset an extra smartphone i had. No SIM card at all. 2. Connected it to my own password-secured Wi-Fi. 3. Installed Bluewallet, then created wallet (wrote down the seed phrase). 4. Imported said wallet to create a **passphrase** (wrote down the passphrase), thus a different wallet. It's a really nice, additional layer of protection. 5. Exported the master public key of this wallet **(12 word seed-phrase + passphrase)** and wrote down some stuff regarding it (like the derivation path). 6. Uninstalled Bluewallet, factory-reset the extra smartphone then disconnected it from my Wi-Fi. Turned the phone completely off. 7. Imported said wallet **(12 word seed-phrase + passphrase)** in Bluewallet as "Watch-only" on my personal phone. It exists only to receive BTC. Note: Internet access should be as low as humanly possible. 10 - 15 minutes. A 10 - 15 min. exposure on a factory-reset phone with no SIM is pretty fucking secure, so i would worry at all. Bluewallet is a Bitcoin-only wallet, and one of the best software wallets available. I wouldn't trust a shitcoin wallet (wallet that supports 100s of crypto-currencies) because the attack surface is far larger and pretty much 100% of ANY individuals complaining about hacks and shit on any software/hardware wallet is because they used a shitcoin wallet. You can carry and import that "Watch-Only" wallet anywhere, on any wallet, and use that for receiving **forever**. It'll never get "hacked" (literally impossible).

xpresstuning

If you do it as follows, then it's pretty fucking safe: 1. Factory-reset an extra smartphone i had. No SIM card at all. 2. Connected it to my own password-secured Wi-Fi. 3. Installed Bluewallet, then created wallet (wrote down the seed phrase). 4. Imported said wallet to create a passphrase (wrote down the passphrase), thus a different wallet. It's a really nice, additional layer of protection. 5. Exported the master public key of this wallet (12 word seed-phrase + passphrase) and wrote down some stuff regarding it (like the derivation path). 6. Uninstalled Bluewallet, factory-reset the extra smartphone then disconnected it from my Wi-Fi. Turned the phone completely off. 7. Imported said wallet (12 word seed-phrase + passphrase) in Bluewallet as "Watch-only" on my personal phone. It exists only to receive BTC. Key points: - Android/iOS is significantly more secure than anything on a desktop or laptop. Never EVER put your seed phrase on those systems. - A passphrase is absolutely mandatory. Lowers security risk. - Exposure on the internet should be as low as possible; 10 - 15 min. Further lowers risk. - HODL long-term. Avoid using your seed phrase & passphrase as much as possible, and DO NOT use it on your personal phone. The key to self-ownership is to be as careful as possible. I believe that this setup is very secure. And the only way I'd store Bitcoin long term. Your choice of Bluewallet as your software wallet is good; It's the best software wallet for Bitcoin there is on the phone. 👌

xpresstuning

I highly recommend Bluewallet, but here's how you should use it (copy pasted from a thread of mine) 1. Factory-reset an extra smartphone i had. No SIM card at all. 2. Connected it to my own password-secured Wi-Fi. 3. Installed Bluewallet, then created wallet (wrote down the seed phrase). 4. Imported said wallet to create a **passphrase** (wrote down the passphrase), thus a different wallet. It's a really nice, additional layer of protection. 5. Exported the master public key of this wallet **(12 word seed-phrase + passphrase)** and wrote down some stuff regarding it (like the derivation path). 6. Uninstalled Bluewallet, factory-reset the extra smartphone then disconnected it from my Wi-Fi. Turned the phone completely off. 7. Imported said wallet **(12 word seed-phrase + passphrase)** in Bluewallet as "Watch-only" on my personal phone. It exists only to receive BTC.

19YoJimbo93

Email me your SIM card. I’ll help.

Braxximus

They can get past 2FA, it happened to me 4 years ago. My phone got spammed with over 1000 text messages and during all the text notifications, my coinbase account was hacked and password changed. I had all the security features set, and at the time, doing my research it comes down to SIM card swaps and somebody at the cell phone provider. I got lucky, it took me 4 months to gain access to my account, I had to send all types of verification pictures, but my account was restored and I got my money. I closed my account and have not Gon back to coinbase. Also customer service is shit. Security is shit. It’s just a matter of time before it happens to you. I also lost out on making money because cardano had a HUGE run up and I was unable to sell.

xpresstuning

I believe that's needlessly complicated. Not to put down your effort or something, but you could try something like I did just to play around: 1. Factory-reset an extra smartphone i had. No SIM card at all. 2. Connected it to my own password-secured Wi-Fi. 3. Installed Bluewallet, then created wallet (wrote down the seed phrase). 4. Imported said wallet to create a passphrase (wrote down the passphrase), thus a different wallet. It's a really nice, additional layer of protection. 5. Exported the master public key of this wallet (12 word seed-phrase + passphrase) and wrote down some stuff regarding it (like the derivation path). 6. Uninstalled Bluewallet, factory-reset the extra smartphone then disconnected it from my Wi-Fi. Turned the phone completely off. It will remain off forever. 7. Imported said wallet (12 word seed-phrase + passphrase) in Bluewallet as "Watch-only" on my personal phone. It exists only to receive BTC. The seed was on a internet-connected factory reset phone with no SIM for a total of 5 minutes (the amount it took me to do all this stuff). I mean .. it's pretty fucking safe.

Illustrious-Music614

I too sat on my cold wallet without activating it, as I lulled myself into believing that my hot wallet was “safe enough”. Then one day I received a notification asking for confirmation of a pending transaction. My hot wallet had been hacked. The process started with a person walking into my phone provider’s store location in another state, asking to get a new SIM card. Then they contacted my email provider and took over my account. With both of these accounts in their control, they were able to assume my persona and hack my hot wallet. Activate your cold wallet! You do not want the hassle or sleepless nights wondering if you will be able to recover your cryptocurrency.

Kooky-Sense4165

We’re starting with cash because it’s the most universal, permissionless, and accessible payment method for the unbanked. That said, M-Pesa integration is on our roadmap, but we want to get the most trust-minimized version working first, especially for people with no phone or SIM registration.

footofwrath

I mean, yes, that's the answer, although when I *don't* trade, and say, "I think it will rise - but I won't trade. Just test my strategy" - of course then it works perfectly. I'm sure it'll be the same for SIM trading. I don't watch the 1m for price action. Just entry points, bottom of pullback etc.

KIG45

I'm sorry this happened to you, but you won't understand how, because hackers are extremely advanced and may have ways we don't even imagine. Anyone who deals with cryptocurrencies should have a hardware wallet, because it protects you even with a compromised device. LedgerS+ is perfect for your preferences, as far as I can see. Use the account with the seed phrase to connect to daps and do staking, but be careful what and where you sign. Create a password that gives you a completely separate set of accounts and use it only for true cold storage. Exchange-wallet, wallet-exchange. Use a hot wallet for experiments. A very good one that requires two devices (one of which is without a SIM card and always offline) to make a transaction is AirGapWallet. Also, consider securing the following: 1. An email that you use only for crypto and 2FA, absolutely everywhere possible. 2. A reputable antivirus with a paid plan that warns you of any danger, especially financial. They are not expensive and you will thank yourself. 3. Anti-Keylogger and AntyScreenShot, free. 4. Never save passwords in the browser (I personally do not trust password managers either). 5. Add ADWcleaner and scan every 2-3 days. 6. I only use incognito mode, because it does not save history and cookies, and this is very important. 7. Delete history and clean your computer every day, no matter what. A good free program that does this is CCleaner, but you can also do it with Windows settings. 8. You know not to click on suspicious links and not to download music, movies and unnecessary programs. 9. Make sure the Host file is read-only so they can't redirect you to fraudulent sites. 10. Trust absolutely no one and never be lazy and careless with crypto. There's probably more, but someone can add something if they want. I hope this is helpful and keep your head up, you'll be fine!

RefrigeratorLow1259

It's understandable that you're feeling frustrated and confused by this situation. Losing access to your crypto assets is a serious matter. Let's break down the information you've provided and explore potential explanations for how your wallets might have been compromised. Analyzing the Transactions: * METAMASK: The rapid swapping to ETH and subsequent transfer using Mimic:Swapper suggests an automated process likely initiated by a malicious actor who had already gained access to your wallet. The similar timestamps for the ETH and BNB transactions to the same address point to a coordinated action. * TRUST WALLET: The dormant nature of this wallet for over a year with no recent connections makes this particularly concerning. The near-instantaneous activation and draining of XRP to a newly created account ("register") strongly suggests a direct compromise rather than interaction with a malicious dApp in the recent past. * PHANTOM: The swapping to Solana and the Bitcoin transfer to a separate address indicate the attacker had broad control over your wallet. The mention of "arbitrage bots" in relation to the Bitcoin transfer might be a red herring or a detail the attacker left behind, but it doesn't directly explain the initial access. * KEPLR: The ability to transfer Akash and initiate un-staking actions shows the attacker had full control over your account within the Keplr wallet. The fact that you could cancel some un-staking but not the Akash suggests the attacker acted quickly. Potential Attack Vectors: Given your precautions, the most likely scenarios involve a compromise that bypassed your recent interactions: * Compromised Seed Phrase (Past Exposure): Even though you haven't shared it recently, your seed phrase might have been compromised in the past. This could have happened through: * Phishing Attack (Past): You might have unknowingly entered your seed phrase on a fake website sometime ago. * Malware: Malware on your computer or phone in the past could have logged your keystrokes or clipboard data when you entered your seed phrase. * Compromised Backup: If you stored your seed phrase digitally in an unencrypted or poorly secured location (e.g., notes app, email), it could have been accessed. * Compromised Device: It's possible that your computer or phone was compromised by malware that allowed the attacker to gain persistent access to your device and monitor your wallet activities, even without you actively connecting to websites. This malware could have: * Keylogger: Recorded your keystrokes when you unlocked your wallets. * Clipboard Hijacker: Swapped the intended recipient address with the attacker's address when you tried to make a legitimate transaction in the past. * Remote Access Trojan (RAT): Allowed the attacker to remotely control your device and initiate transactions. * Vulnerability in Software: While less likely given the simultaneous compromise across different wallets, a zero-day vulnerability in the wallet software itself or a core dependency could theoretically be exploited. However, such widespread exploits are usually quickly identified and patched. * SIM Swapping: In a SIM swap attack, the attacker convinces your mobile carrier to transfer your phone number to their SIM card. This allows them to intercept SMS-based two-factor authentication codes, potentially granting access to accounts linked to your phone number. While this wouldn't directly give access to your wallet seed phrases, it could be used in conjunction with other compromised information. Addressing Your Hypothesis: Your hypothesis about importing a compromised wallet into another wallet and gaining access to pre-existing accounts is incorrect. Each wallet within Metamask, Trust Wallet, Phantom, and Keplr is independent and secured by its own private keys derived from the seed phrase used to create or import that specific wallet. Importing one compromised account into a wallet application would not automatically grant access to other unrelated accounts within the same application. Deleting the compromised account from the wallet application would prevent you from accessing that specific account through that application, but it would not revoke the attacker's access if they have the private keys or seed phrase for that account. They could simply import it into another wallet elsewhere. Regarding the Trust Wallet XRP Transaction: Yes, the timestamps strongly suggest that the attacker created the "register" account and drained your XRP within approximately 19 seconds (4:10:50 UTC - 4:10:31 UTC). This rapid action further supports the idea of a pre-existing compromise (like a known seed phrase) that allowed for immediate exploitation upon the new account's creation. Recommendations: * Secure Your Devices: * Run a full malware scan on all devices you've used to access your crypto wallets. Consider a clean OS install for maximum security. * Ensure your operating system and all software are up to date with the latest security patches. * Be extremely cautious about clicking links or downloading files from untrusted sources. * Revoke All Permissions (If Possible): Although your funds are drained, it's still good practice to revoke any website permissions connected to your wallets (if you can still access the interfaces). * Generate New Seed Phrases on a Clean Device: For your new Ledger hardware wallet and any software wallets you decide to use, generate entirely new seed phrases on a clean and trusted device. * Use a Hardware Wallet (Ledger or similar): This is the most crucial step moving forward. Hardware wallets store your private keys offline, making them significantly more resistant to online attacks. * Be Vigilant: Continue to be extremely cautious about phishing attempts and only interact with trusted websites. Double-check URLs carefully. * Consider Reporting: Depending on your jurisdiction and the amounts involved, you might consider reporting the incident to local law enforcement and potentially the cryptocurrency exchanges involved (although fund recovery is often difficult). It's important not to blame yourself excessively, as these attacks can be sophisticated. However, learning from this experience and implementing strong security measures is crucial for protecting your assets in the future. Investing in a Ledger is definitely a wise step.

coinfeeds-bot

tldr; Eric Council Jr., a 26-year-old from Huntsville, Alabama, was sentenced to 14 months in prison for his role in a SIM swap hack that compromised the SEC's social media account on X (formerly Twitter). The January 2024 attack involved posting a fake tweet claiming SEC approval of Bitcoin ETFs, briefly impacting cryptocurrency markets. Council used a fake ID and SIM swap techniques to gain access. The incident highlighted vulnerabilities in security measures and caused temporary market volatility before the SEC clarified the misinformation. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.

adrnml

I’ve been involved in numerous leaks over the years (T-mobile, Capital One) and this is by an order of magnitude worse. People can break into a house to steal $2000 worth of jewelry, having information out there that your household has 6-7 figures worth of crypto puts a target on your back for life. Credit freezes + separate emails for your financial stuff + hardware MFA is a must. Make sure to enable SIM swap protection with your carrier. I notified my close family not to ever send me any money unless I’m there to physically ask them for it. Next step for me is a change of address + getting a new ID. This is an incredible fuckup for Coinbase and we’ll need to live with the consequences for the rest of our lives.

coinfeeds-bot

tldr; Eric Council Jr. of Alabama was sentenced to 14 months in prison for his role in hacking the SEC's X (formerly Twitter) account in January 2024. Using a SIM swap attack and a fake ID, Council gained access to the account and falsely announced Bitcoin ETF approvals, briefly manipulating Bitcoin's price. Arrested in October 2024, Council was also ordered to forfeit $50,000 and faces three years of supervised release. U.S. Attorney Jeanine Pirro emphasized the threat such schemes pose to market integrity. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.

shoogz

This is likely due to the appleid being used in the App Store rather than the SIM card. Easiest way to circumvent this without any issues is create a secondary Apple ID, log into the App Store, download the required apps then you can swap back to your normal one. You can have apps installed from multiple accounts in the same device

KarateKid84Fan

So someone that steals your SIM, gets access to your phone, your number, your email, your bank account info, your Coinbase account… won’t be able to turn off this whitelist feature?

missbrowniecat

I had T mobile employee across the country remotely change the SIM card in my phone. CALL YOUR OEIVIDER AND OUT A HOLD ON ANY SIM SWAPS.

doodaddy64

well, see... the "security" in the SIM card wasn't about the customer.

KIG45

Swapping SIM cards shouldn't be this easy. Major security flaws.

Goodness_Beast

I have my 2FA SMS with Google Voice. Can't SIM swap for that hehe.

VitaminDee33

Kind of frustrating the article does not explain what T-Mobile did which enabled the SIM swap and what changes they may make to limit such occurrences. Someone just called knowing the person’s Driver’s license or social security number or something, what the Hell even is the scam? Wish the article was higher quality with more information.

mel2000

Haven't all 3 major cell carriers assisted with bogus SIM swaps? This could get interesting.

Far-Midnight-3304

Run not walk run to nearest cave and stay, remove SIM card

TiamatChain

Flexing your holdings online definitely increases your risk, but the bigger danger often comes from people you know in real life. Scammers can be persistent and use social engineering, phishing, or even SIM swapping to get access. While cold storage and good security habits help a lot, some scams go beyond just knowing your username. It’s not just paranoia,, being cautious is always smart.

FunWithSkooma

as long as you know what you doing, an android phone can be secure. NetGuard is a open source app that creates a local vpn on your phone that can block every single wifi/data from apps. Turning on Airplane mode, not having a SIM card installed, not having saved wifi networks, not to mention Electrum Wallet on Android is cryrptographed with a password to access it. This is already enough security you will ever need. Having Bitcoin is more than buying and holding, is also understanding it, knowing the ways to secure your stash, learning.

LewdConfiscation

You’re definitely on the right track with self-custody and minimizing exposure on hot wallets, but there are a few things to consider. Managing multiple wallets is great for privacy, but it can get complicated. Instead of juggling different apps, a hardware wallet like the Cypher Rock lets you securely manage multiple assets in one place while decentralizing private key storage. Another big concern is seed phrase security, hot wallets require you to store a seed somewhere, which is a major vulnerability. Cypher Rock eliminates this risk by splitting your private key into five encrypted parts, so there’s no single point of failure. As for cold storage, $1,000 is a reasonable benchmark, but even smaller amounts should be protected with a hardware wallet, considering how common phishing and SIM-swap attacks are on mobile wallets. Your setup is solid for convenience, but for long-term security, pairing it with a good cold wallet is the best move.

Intelligent_End_7022

You can factory reset an old Android phone and after installing the wallet app of your choice (such as BlueWallet or Electrum from Android), you disconnect the phone from the internet, delete the Wi-Fi password, disable Wi-Fi, disable bluetooth, remove the SIM Card and on top of that enable airplane mode. Never connect it again. Your phone now is disconnected from the internet and it won’t be able to turn the airplane mode by itself, neither it will be able to turn the bluetooth or Wi-Fi on or even connect to a network without a password. Some people are way to paranoid and won’t feel confortable with this strategy. When using Electrum or BlueWallet for Android, make sure you encrypt your wallets with a password, so no one will be able to access the private keys without knowing your password. Both wallets support passphrases as well. After creating your wallet you can export your public key through a qrcode to your BlueWallet on your regular phone. It will create an observation only wallet and you’ll be able to sign transactions through qrcodes on your off-line phone just like a hardware wallet.

Intelligent_End_7022

Yes, I agree. Whatever you confortable with. I your solution would be the 100% safe. I don’t hurry too much about an old Android phone being able to connect itself without a SIM card and having Bluetooth and Wi-Fi disabled, without any network password stored. I also find dificcult finding a laptop without Wi-Fi and Bluetooth integrated to the motherboard.

drunkmax00va

I disagree with this statement. In my opinion, an airgapped laptop with TailsOS is more secure, especially when used as a live CD, without hard disk and without ever connecting any pendrives. Phones have more closed components and can potentially communicate even without a SIM card or internet connection

Intelligent_End_7022

I don’t see any issue, if you use an old Android and factory reset it. Remove the SIM card and disable both Bluetooth and Wi-Fi, and on top of that, enable airplane mode. You phone can’t simply turn your Wi-Fi on and force connect to anything. It’s pretty safe, unless you’re paranoid.

Toporin

A Seedkeeper can be used in SIM card format (plus it's protected by a PIN code)

Toporin

A Seedkeeper can be used in SIM card format (plus it's protected by a PIN code)

crackanape

In the US you can buy a prepaid SIM card and use it with no registration.

SquirtGun1776

Unlike stocks, which may or may not pay dividends, cryptocurrencies can be used directly for payments. This means you can use them to buy goods and services without needing to wait for a company to distribute profits. Cryptocurrencies often provide better security than traditional banking methods. For example, many banks rely on SMS for two-factor authentication (2FA), which can be vulnerable to attacks like SIM swapping. In contrast, cryptocurrencies use advanced cryptographic techniques that can offer stronger protection against fraud. Traditional financial tools, like checkbooks and credit cards, have their own security risks. For instance, checks can be forged, and credit cards can be stolen or compromised. Cryptocurrencies aim to eliminate many of these vulnerabilities by using decentralized technology. While traditional banks may have institutional support, that doesn’t necessarily mean their technology is superior. Cryptocurrencies represent a new way of handling transactions that can be faster and more efficient. For example, the current international payment system (SWIFT) is often slow and cumbersome, but cryptocurrencies have the potential to streamline these processes.

BitcoinAcc

Call me old fashioned, but for me, a proper cold storage device must have its own display and confirmation buttons (or similar) and not just make use of the display/buttons/touch screen of some other (internet connected) device. Having your keys in a safe storage device is no use at all, if you are tricked into signing a transaction with a different target address, because you cannot verify and confirm the address on the cold device, but only on the hot device, where a malware can manipulate the displayed target address to the one you expect, while behind the scenes it sends a different target address to the device for signing. So, by this definition, a simple SIM card or storage card *cannot* be a proper cold storage in the first place.

RED_BULLish_Crypto

I dont personally know anyone who has had a problem with CB. Im sure people who have a good experience don't post as much. What worries me is when a time sensitive issue arises (like a SIM swap and the hacker is getting into multiple accounts/emails withdrawing funds that you could stop in time) you won't be able to get ahold of a live person when every other company has customer service readily available. Especially in crypto because we're early and when you lose it its gone forever normally. It's not like a 401k or bank or credit card that has customer protections... yet

PhoePhoe2362

Use a fully separate clean email account for all your crypto stuff- with fully different passwords and usernames for all your crypto accounts. Expand to a different SIM/phone and new clean device specifically for crypto and strictly crypto only. (if you hold a large amount) Always a fresh new device from an established manufacturer- NEVER anything second hand. Do not trust DMs/emails you receive from anyone- hackers will stalk every crypto forum looking for potential victims. If you're here, you're a potential target. Even if you're locked down tight they may try get in through friends/family accounts so beware if someone starts asking for details or sends you files. Same rules applies if you run into an 'old school friend' - might be legit or might be a hacker who's dug through your social media to pull one over on you. (actually WHY are you putting so much of your life online??) Most computer "hacks" rely on human manipulation since the user is the easiest point of failure in any system. Engrave your master seed onto stainless/steel/titanium plate so it can survive a total loss event (fire/flood) on your end and you can recover your assets. Consider encrypting this/adding decoy words to it. Keep it in a sealed envelope so you'll know if its been compromised. Consider your next of kin- should the worst happen to you will they be able to readily benefit from your crypto assets? or they have pay an extortionate amount for someone to recover it? or worse the money is lost forever? Write a decoy seed in your hardware wallet's handbook- should this get stolen they'll stop searching and leave with the ''goods'' only to find out later its a dud. Never keep your seed or passwords on a digital device. A decoy seed on your device won't help security but the idea of a hackers wasting their time with a fake is kinda amusing to me.

Freefall101

I just used it today. Got my SIM card refilled using Lightning. Feels awesome!

Letsmakeitawsome

It’s not about the whitepaper. It’s about your desire to argue and prove your point no matter what. Even though you agree that ticket scalping is not possible with GET you are looking for theoretical opportunities. I’m not a part of that dialog no more because it’s totally destructive and I doubt that you can provide any sort of useful information. Wish you all the best. Go get some SIM cards for future ticket scalping 🤝

icest0

>If you were to read articles, then you would’ve understood that you need to sell your phone in order to scalp Well no, actually, SIM are not permanently boarded into your phone. They can be taken out. did you seriously not know this? ​ >Ticket is pinned to your sim + there is a dynamic QR code that changes in seconds. Yeah, which means you can just sells the SIM card. Their whitepaper even agreed with me, by saying that: ​ > It would be possible for ticket-scalpers to sell a physical SIM card containing the smart tickets for an event. Which, also mean you can still resell it for a very high price, a little bit more inconvenient but not by much.

Local-Finance8389

For cell service you may want to look into Google Fi. It works in a ton of countries and you won’t have to deal with buying SIM cards every place you go.

GSCToMadeira

To disable 2FA they should require heavy verification. Selfie with ID card, bank statement, etc. Personally i like my stock broker's approach. They give you a recovery key when you sign up and only allow app based or yumi key 2FA. If you lose your phone you can use the recovery key to get your account back right away and reset your 2FA. If you dont have either you need to go through a very long verification process. Either way SIM based 2FA really isn't secure and should not be used anymore.

draken2019

Is crypto really any safer? I've seen how easy it is for a company like Verizon to clone phones. If I just buy used phones on Craigslist or Facebook under an assumed name I could probably get a few. People aren't exactly knowledgeable about what a SIM card actually does.

saladfingers6

EU regulations require SMS 2FA now which is really stupid with all the number hijacking going on and for people that travel and switching SIM-cards. It's a bad solution to a symptom of a deeper problem.

nn123654

Never mind there is literally a class action against Coinbase right now for failure to respond to SIM swapping attacks. People have lost their entire accounts totaling hundreds of thousands of dollars. It happened to me but thankfully I didn't have anything on the exchange at the time. Some horror stories: * [https://www.cnbc.com/2021/08/24/coinbase-slammed-for-terrible-customer-service-after-hackers-drain-user-accounts.html](https://www.cnbc.com/2021/08/24/coinbase-slammed-for-terrible-customer-service-after-hackers-drain-user-accounts.html) * [https://krebsonsecurity.com/2021/12/ny-man-pleads-guilty-in-20-million-sim-swap-theft/](https://krebsonsecurity.com/2021/12/ny-man-pleads-guilty-in-20-million-sim-swap-theft/) * [https://www.nbcchicago.com/consumer/could-it-happen-to-you-thieves-target-joliet-mans-cryptocurrency-savings-through-sim-swap/2677322/](https://www.nbcchicago.com/consumer/could-it-happen-to-you-thieves-target-joliet-mans-cryptocurrency-savings-through-sim-swap/2677322/) And these are just in the last 6 months. Especially coinbase did not care at all that I got SIM Swapped and I would never do business with them again given my experience.

mcna1988

How do you prove your you? And not a hacker attempting to scam the institution into moving it to the hacker account, like the SIM swap hacks that have been used to steal millions, the private key was safe but the institution failed to verify the request before actioning on chain. What your saying is the prove you are you is an email, hmm think that defaults the point of cryptographics

iamsoldats

Buy a software addressable radio, install openbts or comparable, and create your own GSM cell tower. Give out SIM cards to anyone who comes over and live the telecom mogul lifestyle.

RewtDooDoo

I didn't think anything of it until watching a few videos, I don't use Google Authenticator but in Authy it only goes to MY phone, so the only way to bypass my 2FA settings would be with a SIM swap attack. This is a long lengthy and unreliable way of gaining access, as they can only target 1 victim at a time and need to convince customer phone support to allow a SIM card swap to the hackers device, where they intercept the message. And because YT is owned by Google, I'm assuming the Google accounts were compromised, which as you said unless we aren't understanding 2FA properly, what's the point? That or someone at Google has some 'splainin to do.

magus-21

They probably had recovery phone numbers and/or email accounts with weaker security. If you have a recovery phone number, you're vulnerable to a SIM swap even with a security key. Like I said, don't underestimate how stupid people can be with their cybersecurity.

AlternativeEffort455

I’ve listened to most all of the talks and didnt feel Charles overly hypes things.. you have to tout your project and find the and earn respect you think it deserves and foster an air of credibility in the meantime, which I think they do well. Especially accompanying Charles with Army of Spies information.. they also post mass updates with relevant links and such (opportunities maybe).. seems like a far cry from the wild west side of things.. I can see how a retail investor might thing they got overhyped and cheated somehow though since Im actually down around -10,000 usd since Ath lol, but what you expect me to do? Send that to some exchange to get SIM swapped or something ? Oh well, win some lose some.

Damn369

If you got a Thai SIM could you pick up one of their networks to tidy things up ?

dreamcasttrash

If I were not an ethical hacker, what I would do is: 1. Obtain a dump of compromised accounts. 2. Through OSINT gather information I’d need to perform SIM swap. 3. SIM swap and then use the compromised creds associated to attempt logins to every financial account I could. Assuming the average user uses the same password for everything, I’d get some hits and hope they are using SMS for MFA instead of Google Auth.

alexisaacs

I feel terrible for victims of traditional scams, because the target is older folks. I also feel terrible for victims of really convoluted scams, social engineering, SIM swaps, and viruses. But empathy is a limited resource for a person, and I have none towards these jabronies that throw their money at these obvious scams.

fchu04

I don't think that it is a safe option because a lot of SIM swap scams are going on in the market.

Macknhoez

SIM cards can be spoofed/copied to get around your phone and withdraw your funds. It's less secure than using something like google authenticator

Belnak

SIM swap. they call your phone company pretending to be you. Get your phone number routed to theirs, then use that to reset passwords and 2fa. Never disclose the same answers you use for login questions to find out what kind of pizza you are on Facebook.

11430443

SMS verification is really bad because it can really be hacked using SIM swap technique.

Nemozoli

It doesn't make me shudder, we have had security breaches before. The ISIS terrorists responsible for the Paris attacks bought 200,000 prepaid SIM cards in 2016 in Hungary. When that came to light, everyone had to register their SIMs to avoid similar cases and you no longer can buy a SIM without an ID. https://budapestbeacon.com/counter-terrorism-center-fails-to-detect-purchase-of-200-thousand-sim-cards/

deevorava

This kind of SIM swap hack are easy to do these days I had seen a lot of people falling for that.

GlobalGuy91

No, it's not always the case that someone was SIM swapped. In the last publicized CB hack of over 6,000 accounts in a period of three months, there's no way all those were socially engineered SIM swaps. You know how long it can take to do ONE SIM swap on the phone with a cell phone customer service? And it rarely works on the first call. Multiply that by 6,000 accounts just to get the phone switched over. This more likely involves internal participation of a CB employee with Admin level access to the CB platform. They go into the CB customer directory and download all the customer log in info. Then they either go off site or give that info to someone off site to log into accounts and loot them. Also, did you ever wonder why CB customer service lies and deceives the thefts so vigorously? For such a large company, how can their customer service be so unprofessional? Because the data points to internal theft going on at CB. They have been caught for insider trading and wash trading before. And that's only what we know about. Internal theft isn't caught on the first time they steal. Since employees know the internal systems so well, it can be a long time before they are caught. But if you have thieves responsible for watching over thieves, then it can go on for years. In the last hack, CB announced that the hackers had penetrated the CB platform for 3+ months before they even knew about it! Talk about lousy security!

BitcoinUser263895

Porting Attack. Social engineer rings up the phone company and convinces the L1 support flunky to give them a replacement SIM. Phone company does so, because they like money and money is easier if you make everything simple for customer. Including undoing their mistakes without proper authentication.

erikhvit

Sounds like your SIM got hacked

generateduser29128

If a website only supports SMS/Phone 2FA, use a service like Google Voice that can't be SIM swapped.

RED_BULLish_Crypto

I thought that too but I'm pretty sure that is not the case. SIM card pin just locks the physical SIM. (Like maybe if your phone was stolen they can take it it to use in their device?) It doesn't lock an employee who is socially engineered from changing the number to a different SIM. You can call the provider to put a passcode on your account for any changes, but even then an employee can do whatever if you come up with a good enough story to trick them. The best way I've heard (besides doing it all) is to put a note on the account for it to be a high risk and need a physical I.D. for any changes... but even then... my grandma is on life support and my car broke down in the snow and I'm on my last quarter with this payphone and me and my 3 month old child are freezing in the middle of nowhere. Not to mention this volcanoe is starting to rumble :)

oboshoe

Good lord. Having to register your SIM with the government makes me shudder.

x-TASER-x

It can happen if any country, but much more prevalent in countries that don’t require your SIM to be registered with the government.

XXsforEyes

“This” times 4 for the top four comments… likely a password was reused leading directly to hackers checking it against every bank and exchange site they could. SIM hacks are especially common. Authenticator apps are a must! I encourage everyone to go to sites like haveibeenpwned and take the necessary actions to protect yourself.

IkantSpelPraperly

I'm not talking about man-in-the-middle type of attack, that one is worldwide but it's too hard to pull out. I'm talking about SIM swap which is what people are talking about, it's only possible because US telecomomnunication companies don't have any security measures in place. Government doesn't care either so there are no laws to follow to prevent it. In Europe and most countries a SIM swap is not possible without proper documentation. Most countries also have a cooldown for when the new SIM will be activated, so if for some remote reason someone is able to perform a SIM swap the victim will have like 2 days without service which I'm pretty sure he/she would notice.

PhoePhoe2362

Learn how to DCA in, and stick to it- this will reduce your risk. Chose an amount to invest and stick to it- if you think you'll need the money elsewhere (rent/food/bills/repairs etc) do NOT invest it, crypto is very volatile and you may have to sell at a loss to cover yourself. Document all your investments- how much you brought and at what price, and how much you paid in fees. You'll need this to calculate potential profits or losses when you sell. Plan your exit strategy- at what values will you sell? Consider selling in increments. Do a dummy run and sell a small amount of crypto to familiarise yourself with the process. Learn how to set up buy and sell orders to make trade at the price you want. Consider options for passive income while hodling such as staking and savings accounts. Keep your assets secure- only ever a written paper copy for passwords and wallet seeds, NEVER EVER **EVER** a digital copy. A lot of users (myself included) engrave our wallet master seeds onto steel/titanium plate- which makes it almost indestructible allowing you to re-access your wallet in the event of a fire or flood. The more crypto you hold, the more measures you should take. \- A cold storage wallet is the bare minimum- do not buy a second hand wallet. \- Consider using a new clean email account specifically and only for crypto. \- If you hold a lot of assets, buy a new clean device specifically and only for crypto. \- Buy another phone and a fresh SIM for 2FA instead of your main phone where potentially 100s of people know your number. Consider contacting your provider and passphrase securing your SIM. \- Use a different username to your one on here. \- Do NOT answer DMs from anyone claiming to be from here- most of these are scammers looking to fish your crypto and/or wallet seeds. \- Make sure your anti-virus software is up to date Moonshots are over as fast as they come- the price peak might only be for an hour or so at most. You can easily miss this when sleeping or working so you may want to set up your sell orders in advance.

BigBadBen91x

Is a SIM hack what it sounds like?

DowvoteMeThenBitch

Depends what kind of 2FA and how they got in. A SIM hack breaks SMS 2FA, and it doesn’t take any skill to hop on a family member’s computer and blow up a discord while they’re signed in.

padizzledonk

.#1---2FA on everything, preferably connected to an email address that's used for nothing else- Bonus points if it's encrypted like Tutanota, ProtonMail, Mailfence etc and an authenticator .#2-- Pass/pin,pattern lock and encrypt on open for your phone,, your SIM and for all transactions on all applications and soft wallets...its annoying to have to do every time you open your phone, then again for the exchange app, then *again* for every transaction, *then again and again* for the wallet confirmation and back to the exchange but if your phones ever stolen or lost--Good fucking luck asshole, you got 3 tries to open my phone then it's bricked, then you have another 3 tries to open any of the important apps before they're locked, and if you put the physical SIM into another phone you got 3 tries too...Have fun with that .#3-- Never answer ANY solicitation from ANY place you keep money, via ANY mode of communication....Don't click a link in an email, don't field and interact with a call from your bank or credit cards etc, don't click a link or correspond via text. Hang up, take the credit or debit card out of your wallet,(or look up the official customer service number/email If it's crypto related and be careful it's the right site) use the number on the card and *CALL THEM BACK*. It's common for your bank or investment company or credit card or insurance or whatever to call you if there's a problem, you say "OK, thank you for notifying me about X, I'm going to hang up and call customer service back directly for security reasons" 100% of the time they will understand...if they get agitated or annoyed or pressure you to deal with it right that second that is a HUGE BLINKING RED FLAG that it's a scam. .#4 get a Hard Wallet and read every fuckin smart contract. That hard wallet should be used to send crypto to an exchange and back for sales and storage ONLY....STOP using the hard wallet to interact with metamask and staking and defi and trading, stop all that shit, you're just exposing yourself to a ton of smart contract risks, if you want to play around send it to a new soft wallet and interact with defi and dex and other apps through that, its annoying, and costs a little more in fees but if you have a boatload of money in a hardwallet and you want to stake your 8 Billion ShibaCum on DogCumCoin.Defi.yh-- Send that shit to a fresh wallet and limit your exposure, all you need is one fucked up scam contract that grants permissionless transactions to be approved on your hardwallet and you're fucked...just use it for storage.

MONGSTRADAMUS

Phone was directly sent to me from china from the factory. It was when I had to register phone because my old sim didn’t work and I wanted to use e-sim. I guess when I gave imei and serial number they were able to sim swap it really easily. I technically didn’t even have SIM card installed in it. My phone technically never left my hands so they couldn’t even really see what was on my phone

be_malik

It's quite obvious actually when you're involved in the right ecosystems and think about it how this is going to happen. Alot of people let the Cardano partnership with DISH network (parent company of boost mobile) just fly under the radar. It's actually a game changer because it enables EXACTLY what op is talking about on his thread. Ease of getting into crypto and ease of use. Cardano aims to have a decentralized ID(Atala prism), a wallet and a Dapp store integrated into users mobile phones and have them all seamlessly work together to give naive users the full crypto experience. Your DID is embedded in your SIM, and is at the same time your wallet, and is at the same time your access to the Dapp Store that will host hunderds of decentralized financial tools and blockchain apps for consumers to use. Cardano have also partnered with Tingo mobile in Nigeria to achieve the same ends. Combined its a 13 million person deal. I know this post won't get any love or attention, but it'll be nice to come back to when Cardano takes over the world in a couple years. Hehe.

Mundanewisdom99

Yep. It's a very important thing that most people ignore. One mistake and you could lose everything. 2FA on everything. Use Google authenticator or Authy. Don't use phone number because your SIM could be swiped.

Zantti

Lately I'm scared of SIM wap attacks so I use Authy or hardware authenticator wherever I can!

Bucksaway03

I'm not sure about verizon but with telstra in Australia, it's almost impossible to SIM swap a business account unless you are an authorised contact. Given they told YOU to call verizon it sounds like it is possible.

GoldenEyeGuy

Correct! No SIM swaps on this guy. Using an authenticator app

GodlyFetaCheese

Damn, just signed up with my phone number and then didn't really notice it looked a bit sketchy until afterward, my SIM card isn't working at the moment though so hopefully they just mark it as a fake number.