According to a now-deleted Reddit post, a hacker is $45 million richer after using a sim card-switch style hack to take cryptocurrency from a big-time investor. A crypto news site published the details a week ago, managing to comb through the Reddit post before it was removed from the website.
The news site suggests the victim of the hack is the founder of a tech company called DreamHost, Josh Jones. Its estimated $30 million in Bitcoin Cash was stolen along with around $15 million in Bitcoin.
The Perils of Mobile Crypto Wallets
A SIM card switch happens when somebody searches for any publicly listed private information a suspected crypto investor might have online, including real names (first, middle and last), email addresses and phone numbers. In other words, they use social media sites to reverse engineer and find private information.
The hacker then takes that information and contacts the victim’s smartphone provider, posing as the victim online. They then use the personal information of the victim to verify they are the owner of the victim’s phone number. This is all done face to face through online chats.
Once the customer service representative on the other end of the chat wrongfully confirms the hacker’s stolen identity, the hacker than obtains a new SIM card allowing them to log on to crypto websites through their own device, work to reset passwords tied to text message reset options, and then steal whatever crypto they can find in online wallets.
This particular hack where a person of Jones’ stature is likely a bit more targeted or sophisticated, but nevertheless, any news of a major hack is bad for cryptocurrency as a whole.
Desperate Times and Desperate Measures
In the midst of publishing his story on Reddit, Jones mentions that only three confirmations of the transaction were made by the time he realized his coins were on the way out of his wallets. He says he has the private keys and is willing to offer a generous reward for getting his funds back.
The problem is that high level hacks worth multiple millions of dollars usually see crypto end up being split into smaller amounts, transferred many times over and even put through a mixer to disguise the hack.
Will The Funds Ever Be Recovered?
In the opinion of Dovey Won, a founding partner of the investing fund PrimitiveCrypto and an advisor to CoinDesk, the only way the Bitcoin Cash might be saved is if the network initiates a double spending attack that might allow the coin to somehow be in Jones’ possession again.
That said, the funds are most likely not going to be recovered. The reality is that the blockchain allows individuals to become their own banks. Not even a wealthy early adopter can call a customer service hotline to get help, and although police and tech-specialized forensic investigators rarely uncover the source of funds for a given hack. The pseudo-private nature of cryptocurrencies makes it difficult to uncover any of that information and most in the crypto community won’t consider being part of the solution, even for a hefty bounty.
The Best Way to Avoid a Hack
Even with private keys in hand, cryptocurrency tokens and coins should still be kept offline in a hardware wallet. The $45 million in coins stolen last week was all because the money was being held in wallets connected to the internet. In response to both the hack and a general dip in the market, Bitcoin is hovering around $8,800 after peaking at closer to $11,000 during its most recent bull run.