Cryptocurrencies can be difficult to track. In most cases, they are also unregulated and based on a decentralized blockchain network. This also means that it is basically impossible to get back crypto assets that have been stolen, which has made them a target for hackers who want to steal them.
One such crypto hacker is Daniel, whose actual name is something else. In an exclusive interview with Trijo News, he now explains how he, in just one year, managed to steal crypto assets worth $500,000.
“But then I just hacked about 20 people, so I haven’t been particularly active”, says Daniel to Trijo News.
Fools the telecom companies
When Daniel steals another person’s cryptocurrencies, he mainly uses a method known as the “SIM swap scam”. It is quite easy to fool the big telecom companies, according to Daniel. This is done when the hacker calls the victim’s telecom company and requests that his och hers mobile phone number would be diverted to a telephone number that the hacker controls.
Most customer services at the major telecom companies are supposed to have a protocol and control checks to minimize the risk of this fraud, but according to Daniel, it is not difficult to get the customer service to divert the number.
“There are always ways to convince. For example, that you call and pretend to work at Tele2 (a Swedish telecom company) and ask them to help you forward a number”, says Daniel.
Are you good at it?
“Yes, it does not take many calls before you have learned to pretend”.
Circumvents the two-factor authentication
Once the number has been redirected, the hacker visits the victim’s Gmail or Outlook account, enters the victim’s email address and clicks “Forgot your password?”. The hacker then chooses to get the verification code by voice to the victim’s mobile phone number, which the hacker now controls. This is actually a feature available to help, for example, visually impaired people to reset their account passwords.
In this way, the hacker circumvents the so-called two-factor authentication.
“I think it’s careless. So much money is stolen through them. Not enough attention is paid to this, which for us is an advantage”, says Daniel.
“I think it’s careless”
According to Daniel, he has found many private encryption keys for cryptocurrencies in people’s Gmail. They can be saved as drafts or sometimes they have just emailed them to themselves.
Once Daniel has got hold of a private encryption key, he can simply log in to a digital crypto wallet and steal all the cryptocurrencies that are there. He says that he sometimes also found login information to various crypto exchanges, and then he just logs in there and steals the victim’s assets.
What do you say about the moral aspect, that you actually steal money from other people?
“Well, you don’t feel anything. You never meet the person plus everything is anonymous so you can’t get guilty feelings for it”, says Daniel.
He also says that he thinks that people only got themselves to blame if they do not protect themselves better.
Telecom companies are supposed to have protocols
Several big telecom companies have previously claimed that they have protocols in place to prevent people from hijacking others’ telephone numbers. But according to Daniel, it is still possible to deceive customer services at most operators – several in the US and all in Sweden.
Trijo News has contacted the major telecom companies in Sweden and the US, but most have not replied. One who responded, however, was Telenor Sweden who claims that SIM swap scam is very unusual and has only occurred in some individual cases in recent years.
“We have also introduced various measures to prevent this from happening, including a number of control questions and also a callback that is made from us to the number that you want to divert from”, says Gabriella Mathisson at Telenor’s communications department.
We have talked to a person who says that it is easy to trick the customer service to forward a person’s mobile phone number at all Swedish telecom companies. What do you say about that statement?
“We have a number of protocols in place to prevent similar things from happening. We take all forms of fraud attempts seriously and also look at possible additional verification solutions when it comes to forwarding calls”, says Gabriella Mathisson to Trijo News.
This is how you protect yourself
Although being hacked can sound like an easy thing, it is actually not difficult to protect yourself. A first good thing to consider from a security perspective might be to never save your private encryption keys in your email online or on your computer. If the keys have any contact with the internet, there is always a risk that they may be stolen.
According to Daniel, the best way to protect yourself is simply not to link your phone number to your email, and instead use another type of multi-factor authentication such as Google Authenticator. That makes it much more difficult for crypto hackers to access people’s cryptocurrencies, according to Daniel.
—
