Scott Melker, also known as the “Wolf of All Roads”, says that he was the victim of a SIM swap attack in February, but was able to avoid losing crypto assets.
In a post on August 4 on Melker’s website titled “Security tips and lessons from my hacking”, the trader said he was able to protect access to his bank accounts, credit cards, and crypto exchanges after a hacker took over his identity by deceiving his phone company and rerouting Melker’s communications to the hacker’s phone.
According to Melker, the hacker had access to his number and text messages, which would have given the hacker access to all of his funds if he had relied on two-factor authentication (2FA) transmitted via SMS.
However, he used a form of 2FA (Google Authenticator, Authy) that was stored on a separate offline device. “This is the only thing that has saved me from the most damage,” said Melker.
“Even with my username and password, they couldn’t access my 2FA. This gave me enough time to contact my banks, credit cards, crypto exchanges, etc. and block my accounts.”
According to reports, in a series of T-Mobile SIM swap attacks in July 2017, hackers stole $8.7 million in crypto assets from Reggie Middleton, CEO of cryptocurrency company Veritaseum. Investor Michael Terpin also claims that he lost $24 million in cryptocurrency between 2017 and 2018 as a result of two AT&T SIM swap attacks.
How does Melker suggest avoiding a similar fate?
“Never use SMS confirmation as part of your 2FA,” Melker explained emphatically. “[The hackers] have this SIM swap attack vulnerability. 2FA is a double-edged sword that provides protection when used correctly (on a separate device). However, it allows easy access to everything if it is just a text message to your phone, as the hacker receives your texts and calls.”
He recommended using an authenticator (the Google version of Authy that says it could be hacked) on a separate, offline device and not on your current phone.
“As soon as you change your SIM card, everything on your current phone will be wasted.”
He recommended that 2FA be used for all accounts, from social media to banking, and that Chrome should not be used because he believes it has “astonishing” vulnerabilities. With regard to crypto assets in particular, Melker encouraged traders to remove their phone numbers from exchanges and to keep their assets in offline storage.
“We clearly cannot trust phone companies to protect us,” he said.