Cryptocurrency is being stolen with phone numbers
Collapse
X
-
Tags: None
-
I remember hearing a story about this a while back. But this needs to be repeated.
Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.Comment
-
-
Old news but worth repeating -- this still works?
Encrypted SHA3 dual verification (credentials) has been known (with the encryption algorithms of the era) for over 15 years now. password and 'key phrase' is one common way it is done.
https://www.theregister.co.uk/2016/1...s_say_boffins/Comment
-
If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...I remember hearing a story about this a while back. But this needs to be repeated.
Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.
Don't use SMS for 2FA!Comment
-
I use google authenticator on one site and on another I have email and then sms. Doesn't make it stronger with the added 1st step email confirmation if someone ports my phone number. Might look into another solution.
Is google authenticator the best solution to protect a user account ?Deposit Today With BTC - Play With BitcoinsComment


Comment