The SIM Swapping Bible: What To Do When SIM-Swapping Happens To You
How to protect yourself from a SIM hijack, deal with an
attack as it happens, and recover afterwards.
CipherBlade
Jun 5 · 50 min read
Of course, SIM-swapping isn’t the only risk that exists in this digital world.
It’s a good idea to audit your online security overall, and we recommend
referencing MyCrypto’s Security Guide For Dummies And Smart People
Too.
https://medium.com/mycrypto/what-to-do-when-sim-swapping-happens-to-you-1367f296ef4d 1/52
6/18/2019 What To Do When SIM-Swapping Happens To You – MyCrypto – Medium
. . .
Table of Contents
INTRO: What is SIM jacking?
• How do they get your SIM / phone number?
• Separating Concerns
• Bonus Round!
CONCLUSION
. . .
Why? The ROI for attackers getting their hands on your crypto is huge.
Crypto is very unique — it's decentralized, it can be easily anonymized,
and it has real monetary value. This attack is relatively easy, requires no
code, and is becoming increasingly reported upon, inspiring more and
more attackers to give it a shot.
In addition, your cryptocurrency isn’t the only thing that can be stolen.
2019 saw a transition from stealing crypto to stealing sensitive data,
such as business documents, personal information, or other data. The
SIM swappers no longer need to rely on directly stealing funds—they
can also succeed via extortion.
All of the above results in more people attempting more attacks with
more success. In turn, it's not just famous people, the "top 100
influencers," or high-profile traders who are under attack. It's anyone
and everyone who is involved in crypto.
You are at risk. Accept this. Take action now before it is too late.
Support agents aren’t trained on this type of attack and are able to
migrate your phone number, regardless of the information “you”
provide or don’t provide. 99% of their calls are from people who
legitimately broke their phone or got a new phone and need this action
taken. Support agents are typically paid next to nothing and their
performance is judged by computers. There is little incentive for them
to protect you from an attack they know nothing about, and a high
incentive for them to help "you," keep "you" happy, and keep their
average call times down. To make matters worse, any notes on your
account are not prominently displayed to support agents and are
completely inaccessible to them if you have an additional PIN /
password on your account.
• You may have notifications that came through before your phone
lost service or if you still are connected via Wi-Fi, like emails from
your phone carrier or password reset emails from various services.
• You may have a system notification stating that you can no longer
access a phone-level account (like your Apple ID or Google
account) and need to re-enter your password.
• On iOS or your Mac computer, you may have an "are you attempting
to log in from Los Angeles, California?" pop-up.
services you use as they go. Let’s look at one SIMple example. Keep in
mind, this is not a comprehensive look at what an attacker could do to
you.
3. The attacker clicks “Try another way” until they get to the “Get a
verification code sent to (XXX) XXX-XXXX” screen.
4. The attacker receives the SMS sent to your phone number that
they now control and successfully resets your password and gains
access to your Google account.
6. The attacker looks through your email and sees emails from
Coinbase and Kraken.
9. The attacker buys more crypto with any USD holdings you have,
linked credit/debit cards, or linked bank accounts. If these
transactions are processed before you regain access to your Google
or exchange accounts, your bank account will be emptied, sold for
crypto, and in the attacker’s sole control.
Note: because the attacker has access to your email and SMS, they are
able to intercept and then delete any emails or texts regarding your new
password or withdrawals. This means you may not realize which
accounts have been accessed or emptied until much, much later.
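The chain above can be modelled as a reachability problem. This is an added example, not part of the original article: it computes which accounts fall to someone who holds only your phone number, before and after SMS is removed as a login and recovery path. The inventory, the names `exchange_a` / `exchange_b`, and the factor labels are constructed assumptions, not real service settings.

```python
"""Which accounts fall if an attacker holds only your phone number?"""

# Constructed inventory (not real service settings). Each account maps to its
# login/recovery paths; a path is the set of factors needed at the same time.
#   "sms"         control of the phone number (what a SIM swap gives)
#   "acct:<name>" control of another account, e.g. the mailbox that
#                 receives password-reset emails
# Every other label is a secret the SIM swap does not hand over.
BEFORE = {
    "google": [{"password", "totp"}, {"sms"}],           # SMS recovery code
    "exchange_a": [{"password", "sms"}, {"acct:google", "sms"}],
    "exchange_b": [{"password"}, {"acct:google"}],        # email-only reset
    "telegram": [{"sms"}],                                # login code by SMS
    "password_manager": [{"master_password"}],            # no reset path
}

# Same accounts after the article's action items: recovery phone removed,
# SMS 2FA replaced by an authenticator app or security key, Telegram
# two-step verification switched on.
AFTER = {
    "google": [{"password", "security_key"}, {"password", "backup_codes"}],
    "exchange_a": [{"password", "totp"}, {"acct:google", "totp"}],
    "exchange_b": [{"password", "totp"}, {"acct:google", "totp"}],
    "telegram": [{"sms", "two_step_password"}],
    "password_manager": [{"master_password"}],
}


def blast_radius(inventory, initial=("sms",)):
    """Return {account: factors that opened it} reachable from `initial`."""
    held = set(initial)
    fallen = {}
    changed = True
    while changed:  # repeat until a full pass opens nothing new
        changed = False
        for name, paths in inventory.items():
            if name in fallen:
                continue
            for path in paths:
                if set(path) <= held:
                    fallen[name] = sorted(path)
                    held.add("acct:" + name)  # this account is now a factor
                    changed = True
                    break
    return fallen


def chain(fallen, account):
    """List `account` followed by the accounts that had to fall before it."""
    steps = [account]
    while True:
        parents = [f[5:] for f in fallen[steps[-1]] if f.startswith("acct:")]
        if not parents:
            return steps
        steps.append(parents[0])


if __name__ == "__main__":
    for label, inv in (("before", BEFORE), ("after", AFTER)):
        fallen = blast_radius(inv)
        print(label, "->", len(fallen), "of", len(inv), "accounts exposed")
        for name in fallen:
            print("  ", " <- ".join(chain(fallen, name)), "via", fallen[name])
```

Replace the two dictionaries with your own accounts to see which ones still depend, directly or through a mailbox, on your phone number.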
The actionable items described below should take you three or four
hours to complete. Please, take the time to secure yourself and your
cryptocurrency. If you don't, perhaps consider that these decentralized,
irreversible assets may not be a good fit for you right now.
We applaud you for making it this far. You’ve invested more time into
educating yourself about personal security than most. This is essential
in a space where there is no centralized party, government, or bank to
fix things if they go wrong.
Action Items
• Log into your mobile phone carrier account and change your
password to a strong, unique password.
• In any unused fields, like middle name or address #2, add your
own notes. Like: “DO NOT SWAP SIM” or “REQUIRE IN-STORE
VISIT FOR ACCT CHANGES!!” or “DON’T YOU DARE PUT MY #
ON A NEW PHONE!”
• If you have multiple people on the account, see if you can remove
yourself as a person with authorized access to make account
changes. Imagine you are an irresponsible 12-year-old teenager
and the other person on the account is your mom 😉. Do that. You
may need to call or be in-person.
you discussed and any changes that were made to secure your
account.
• Share what you learn and what your experience was like with us
and others, especially if there was something specific you said or
did that worked especially well.
• Be nice and courteous. It's unlikely that the minimum wage store
employee knows about these attacks, and they certainly don't have
the authority to implement and enforce proper security
procedures on a corporate level.
• Inform them that you are a high-risk individual (even if you don’t
think you are!) and you need to understand what they are doing to
protect you from this style of attack. See what they offer before
listing your demands.
• Rumor has it that some phone carriers have special services for
“high-risk individuals or celebrities.” Ask about that.
. . .
Don’t use your primary cell phone number for business — the one
everyone knows and is easily discoverable via your social profiles,
open-source intelligence (OSINT) tools, or free online services. Don’t
use your personal or business number for securing or logging into
accounts.
A Google Voice number is free to sign up for. You can use a Google
Voice number for SMS verification for websites and services that insist
on using SMS 2FA or otherwise require a phone number. As long as the
Google account you have associated with this Google Voice number is
secure, you will be more secure.
Ideally, you will have a dedicated Google Voice number that you use
solely for securing accounts. It should not be known by anyone nor
should it be tied to a Google account you currently use or one that is known.
Don’t share this number or email with people, and don’t enter it into a
form when you make a random online purchase.
Action Items
While the above cannot be overstated, it’s also worth noting that
emails are not necessarily the highest-value asset in your Google
account:
• They can see all your bookmarks (like which exchanges you use)
via chrome://bookmarks/.
• They can see all your home, work, and old addresses via
chrome://settings/addresses.
• They can grab your mnemonic phrase, along with some sexy
photos, via Google Photos.
• They can steal your paper wallet backup stored in Google Drive.
• They can make a clone of your phone using your backups that are
stored in Google Drive.
• They can see where you are currently, physically located and
everywhere you’ve been in the past via your Timeline.
• Your calendar tells them where you will be and if you are traveling
soon so they can time future attacks while you’re on a plane.
• If it’s not in your calendar, they can just Google “my upcoming
flights.”
• They can access all your past Google Fi messages and voicemails
and intercept incoming ones.
• They can see all your notes in Google Keep, like the passwords you
save there.
• They can grab all your contacts, including your social security
number and your secret key that you store under “Me.” They now
have the names and phone numbers of your crypto-colleagues.
• They can view all the emails you sent to yourself with sensitive
information in them.
• And now know every service they should visit and initiate a
password reset for.
• And see all the apps you have installed and uninstalled, like which
exchanges or wallets you prefer on your Android device.
• Not to mention all the sites you frequent and stuff you do.
• They can log into and “sync” their Chrome browser to your Google
account, giving them access to all Chrome extensions you have
installed.
• Access to and ability to edit and deploy any Chrome extensions you
manage.
• Access to all your data and your users’ data that is in Firebase.
• Access to any sites you use the "Log in with Google" button to log
in to.
Action Items
3. Depending on what you have set up, what comes next will vary.
7. Once you add one type of 2FA, Google will ask you to add a
“backup option.” You want to use “Backup Codes" as your backup
option, which are simply a set of single-use codes that you can use
if you break your phone or otherwise lose access to your primary
2FA method of account. These are super important secrets and
should be backed up and secured as such.
8. Super important secrets are things like private keys, paper wallets,
your birth certificate, or social security card and should be stored
in a manner that optimizes for security and long-term, infrequent
access. Do not print or download them. Don’t take a
screenshot. Don’t take a photo. Instead, take out a pen and
paper and write down the secret as carefully and legibly as possible.
Then, take a new piece of paper and write it down again. Note the
account they are for and the date. Keep these in two physically
distinct, secure locations. You could store these in a fireproof /
waterproof safe, something like a Steely or CryptoSteel, get a fire-resistant
bag for <$20, or simply laminate them or put them in a
Ziploc bag sealed with tamper evident stickers. One reason to have
two copies is that if your house burns down, you have another
copy. Get in the habit of backing up and storing critical account
information, high-risk passwords, recovery codes, 2FA seeds,
private keys, and seed phrases in this manner.
12. Security Key: YES! This is the most secure option, but requires
you to purchase a separate device like a Titan, YubiKey, Ledger, or
Trezor. If you choose this option, I recommend also using the
14. Backup Codes: YES. Always have backup codes and never store
them on a digital device. See step #8 above for how to securely
store your backup codes. If you didn’t just generate these codes,
click “Show Codes,” then click “Get New Codes,” then back them
up in the manner described in step #8.
15. Google Prompt: YES or NO (your choice). The jury is out on how
secure this is because it’s so new, but it seems fine as it’s tied to a
device rather than a phone number. This may or may not be
available depending on your mobile device. You can use it if you
like it, or turn it off if you don’t like it.
16. Voice or text message: NO! If this is already set up, remove it.
17. Devices you trust: Click “Revoke All.” Let’s start fresh.
21. Ways we can verify it’s you - Recovery Phone: Remove your
recovery phone! You can use methods from your 2-Step
Verification to recover access if you need to. Click the “Recovery
Phone” row and then the little delete / trash icon next to your
number.
22. Ways we can verify it’s you - Recovery Email: Remove your
recovery email! Click the “Recovery Email” row. There is no
"delete" icon, so click the edit button. Delete all the text in that
line. Click “Done.” It will let you save the empty field, removing
your email as a recovery option.
23. Ways we can verify it's you - Security Question: This only
appears if you have a very old Google account and previously set it
up. If you see it, remove it immediately. Security questions are the
worst of the worst when it comes to security.
Total Time
. . .
If you use an iCloud email address, an attacker can access any account
linked to that email address. They can also access, edit, and deploy any
iOS or Mac applications you manage with that Apple account.
There are two ways to proceed with the recovery process: via your
phone number or using a stolen “trusted device” of yours that isn’t
protected with a secure, unique password.
When you have 2FA enabled, you need to authorize a password reset
from a trusted device. This is why using a secure, unique password is so
important.
Most of these next methods involve using “Find my iPhone” with the
aid of an authorized retailer and one of their devices.
Or, if a bad actor has collected personal information about you, they
can attempt to reset your password without a device, though this can
take days and cannot be expedited. At the start of the process, you are
sent a confirmation code via SMS, so the attacker can intercept this and
begin the procedure.
The personal information includes things like your long card
number, expiry date, and card security code of a payment method
attached to your AppleID. These types of requests are sent to Apple, and
communication is delayed until they can verify the request; they will
email your AppleID later with a follow-up.
If your device is stolen, you can report it to Apple to get the serial
number blacklisted and put it into “Lost Mode.” This means when the
device connects to WiFi, the location is pinged to iCloud so you can see
where it is.
Apple has very strict security policies and even authorized retailers do
not have special powers to recover an account—they are required to
Key Takeaways
• Ensure you limit the number of “trusted devices” you link to your
Apple account to only devices you are actively using.
Action Items
Please note: Apple has two different “Two-step” things. You want “Two-
factor authentication,” not just “Two-step verification.” Yes, it’s mind-
numbing.
• Remove any devices attached to your AppleID that you are not
100% actively using. You can always add them back in the future.
• Audit devices that are trusted by your AppleID. Remove those not
in your possession anymore or ones you don’t use.
• For each device listed, ensure you have enabled and use a secure,
unique password. This means that computer #1 has a different
password than computer #2 which has a different password than
your iPhone.
Total Time
. . .
The two most recommended and accessible solutions are LastPass and
1Password. These are “cloud-based,” although all your secret data is
protected and encrypted by a “Master Password” that never leaves your
computer / device. This means that there is no “forgot password”
button and no way to access your account if you forget your master
password.
Action Items
Note: not all of these may be available for your specific password manager.
Total Time
• 10-20 minutes
. . .
If you get SIM-swapped and they recover your Authy codes on their
device, they will have access to all your SMS 2FA codes AND your
token-based 2FA codes!
If you absolutely insist on using Authy, you must ensure it's secure.
Action Items
• That's it!
• Fine….
• Open Authy.
• Select any other devices and click "Remove." This ensures you
don't have an old phone lying around with all your codes.
Now, when you get a new phone, you can turn on multi-device support
momentarily, set up Authy on your new device, and then turn off multi-
device support immediately after. This will migrate your codes.
However, this assumes you have your previous phone — you didn't lose
it or break it.
If you do lose or break your current phone, you won't be able to recover
these codes. So, again, just use Google Authenticator and back up
manually via paper. It's not that hard and much more secure.
Total Time
• 2 minutes
. . .
You may not recall, but you never created a username, provided an
email address, or created a password when you set up Telegram. Unless
you've adjusted your Telegram settings, the only thing you need to log
in is a code provided via Telegram message on a trusted device or a
code sent via SMS.
You can make your Telegram a bit more secure by enabling both the
"local passcode" and "two-step verification" settings:
Too often, people entirely overlook these Telegram settings (let alone
all of the other steps) and while they may not experience financial loss
if their Telegram is compromised, their colleagues do when the SIM-
swapper hijacks their Telegram account and asks all their contacts for
money.
Action Items
• Bonus points! Under "Active Sessions," remove any that you don't
recognize, that are on old phones, or that you are not actively using.
Total Time
• 2 minutes
. . .
Here’s the easy, although mildly tedious, next step: You’re going to set
up Google Authenticator on every website or service you use that
allows it, and remove your phone number / SMS recovery.
Pro-tip: Since you are going to be logging into all these accounts anyways,
we recommend you set up a password manager like LastPass or 1Password
if you don’t already use one, and create new, secure, unique passwords for
each of these accounts. This ensures password reuse doesn’t bite you in the
ass, especially with the billions of username / passwords that have been
compromised over the years.
While it would be impossible to list every service you may use, here
is a prioritized list of what to add your new best friend Mr. 2FA to.
. . .
Take the time now to set up and practice making a phone call without
your SIM card.
• Line: The newest rage in Asia and supposedly allows you to make
free calls to landlines if you watch an ad first. You’ll have to
confirm it works though as it rejected every number we tried
calling. Available for literally every device.
• Skype: Available for every device but costs a bit of money to call a
landline (as you will need to do in this case). Loading it up with
• Viber: It costs money to call landlines via Viber Out, but if you
already use Viber it would probably still be worth it to throw $10
worth of credit on it now just to have it available. iOS, Android,
Mac, Windows, Linux.
Action Items
• Using the option you chose above (or a different option you
prefer), try calling yourself. Ensure the call connects and you hear
your voicemail message playing.
• Call this number and ensure you connect and listen to options
play. If you feel up to it, have another chat with them about their
security offerings. 😉
• If you did this on your computer, repeat on your phone. If you did
this on your phone, repeat on your computer.
Thanks to Chris Robison and his SIM swap guide for grabbing all the
numbers!
Total Time
• 10-15 minutes
. . .
Bonus round!
There are a few things that don't strictly fall in the scope of this guide
but are good practices. We’re including them as they are actions victims
of SIM-swapping wished they had taken.
Okay, this may be overkill, but you get the idea. Now if an exchange or
ICO company is breached, they can’t use your identification scans or
selfies to launder money or bypass KYC requirements.
Instead, take out a pen and paper and write down the secret as carefully
and legibly as possible. Then, take a new piece of paper and write it
down again. Note the account they are for and the date. Keep these in
two physically distinct, secure locations.
One reason to have two copies is that if your house burns down, you
have another copy. Get in the habit of backing up and storing critical
account information, high-risk passwords, recovery codes, 2FA seeds,
private keys, and seed phrases in this manner.
• https://medium.com/changelly/hardware-wallets-101-88442ac385b2
• https://support.mycrypto.com/how-to/backup-restore/how-to-save-back-up-your-wallet
• https://en.bitcoinwiki.org/wiki/Cold_storage.
. . .
3. Ask for your phone number to be moved back to your SIM / device.
As would be the case, they will likely now decide that you must
absolutely, positively be in-store with a government-issued ID. But,
it never hurts to ask.
5. Ask for and write down the case ID number and / or support
ticket number for your records and future conversations with law
enforcement. If they push back at all, ask them how you are
supposed to reference your case when filing a report with law
enforcement.
• Hang up and try again with a new agent if you get a particularly
dense or uncooperative employee. This is likely how your attacker
did it, so can you.
. . .
It’s not a bad idea to refresh your locks every now and then.
If you cannot access your Google because the attacker has changed the
password, follow this guide by Chris Robison on how to start the
recovery process for your account. You should do this now.
• Screenshot excessively.
• Write down any and all the services you see mentioned in these
emails.
8. Screenshot and then remove all devices, apps, active sessions, app
passwords, “log in with….” sites, connected accounts, etc.
10. Make a note if there are signs the attacker accessed that account or
made any changes.
2. If you have any money or crypto in these services but you aren’t
confident about moving it, you can email them and request they
lock down your account and prevent any withdrawals, deposits,
trades, buys, sells, transfers, and/or logins until further notice.
Links to top exchanges and an email template can be found in
Chris Robison’s guide.
6. Screenshot and remove any and all API keys or OAuth applications
(e.g., https://www.coinbase.com/settings/api).
• You should now see all devices that have access to your Telegram
and messages.
Breathe.
Once you’ve put the proverbial tourniquet on the situation and your phone
number is back in your control, or at least guaranteed to be out of the
attacker’s control, you’ve secured all of your accounts, there are no new
password reset emails or other weird things happening….
Breathe.
Just do it.
• Gmail: https://support.google.com/mail/answer/45938?hl=en
& https://myactivity.google.com/item.
• Coinbase: https://www.coinbase.com/settings/account_activity.
Keep your eyes open for anything you missed the first time around. If
you see signs of an attacker accessing one of your accounts, what were
they doing? What information were they able to access? What
information do you know they accessed? What could they do with that
information?
Sometimes they are able to reveal certain information, such as how this
occurred, when it occurred, if it was done in-person or over the phone.
Sometimes they will even give you the IMEI and other details. Note all
of this.
You should also discuss and implement whatever options they have
available to secure your account and ensure this can’t happen again.
Sometimes, magically, there now is another layer of protection they can
offer you that they didn't think to mention before.
3. Accounts that have been accessed (e.g., Gmail and Coinbase) with
specific timestamps, device information, IP information, and other
data as applicable. Be sure to include the obvious - your email
address, the account information (username or registered email)
for the exchange, etc.
6. Any extremely sensitive data that could have been accessed (KYC
documents, trade secrets, etc).
. . .
“I want to let you know that on [DATE] I was SIM swapped and had some
of my accounts hacked. Some information in our messages / emails may
have been compromised in the process. [NOTE ANY ESPECIALLY
RELEVANT SPECIFICS HERE.] I have notified law enforcement and taken
steps to secure my phone number and accounts. It is possible that the SIM
swapper(s) may contact you or attempt to extort you. If they attempt to do
so, please notify law enforcement and do not pay them. While I find this
incident embarrassing, I hope that my transparency in this matter is
appreciated and we can continue our professional / personal relationship
after my hard lesson learned.”
For those of you that are interacting with the victim of a SIM swap,
providing the victim support and understanding during this time, and
especially gratitude for their transparency, is extremely important.
Inversely, if an individual (and especially a company) experiences a SIM
swap or other data breach and conceals it, we highly recommend
ceasing any relationship with them due to their disregard for you and
your own security. You also have the ability to notify pertinent
authorities that this individual or business opted to try to sweep the
incident under the rug, which is often illegal. Legalities aside, as an
industry, we need to begin expecting individuals (and especially
companies) to do the right thing.
. . .
Additionally, you may want to re-secure and ensure you have secure,
offline backups of all of your accounts, passwords, recovery codes, 2FA
backups, etc. now that you have more time.
. . .
You may experience extortion attempts from the SIM swapper(s), but
do not give in to these. If you do, the SIM swapper(s) will simply return
. . .
There are very few people who qualify as legitimate investigators for
this type of crime and they will not be anonymous. Your friends are not
investigators. A random dude on Twitter is not an investigator.
Currently, the only known professional service for support on these
types of incidents is CipherBlade. Anybody that contacts you claiming
to have identifying information on those responsible for your incident,
for a fee, is attempting to scam you.
. . .
However, giving that exchange a “heads up” that law enforcement may
be contacting them soon is still considered to be a good practice.
. . .
If at any time during this process things get especially tough and
you are feeling hopeless, depressed, or suicidal, we strongly
encourage you to talk to someone about it. There are so many amazing
resources out there, especially if you aren’t getting the support you
need from your own personal network.
• More resources
• And, if you hate phone calls, you can shoot an email to the
Samaritans.
. . .
Now is a good time to put aside any personal beliefs, fear, or avoidance
of law enforcement. The law enforcement officials you will be in
contact with don’t care about your drug preferences or shoddy tax
work.
“Hacker for hire” services are almost always scams that capitalize on
your desperation and gullibility. At best, you’ll lose (more) money. At
worst, you've just implicated yourself in a crime.
. . .
Accept:
You can only change yourself and your own personal security
moving forward. While it's incredibly frustrating to rely on third
parties without being able to change or control their behavior, that's the
way the world works.
On a brighter note, some folks find that sharing their experience and
educating those around them about how to be more secure can be cathartic
and rewarding. Be careful not to reveal exact specifics of your case and
focus on helping others rather than playing the blame game. Helping
others can help yourself.
. . .
1. Telling yourself that the assets are lost actually helps your
mental health. Constantly thinking about these assets may tempt
you to do things fueled by emotion that will push your case
backward, such as engaging with the SIM swapper(s), leaking
data, or otherwise making needless noise for investigators.
. . .
Regardless, you are the best person to determine what help you may
need. We encourage you to check in with yourself throughout this
process, stay mindful, reflect on your situation, and take measures to
improve yourself and your life.
. . .
Conclusion
SIM-swapping is a terrifying reality in this day and age and is especially
prominent in the cryptocurrency industry. As long as phone numbers
remain a single point of failure and protect so much value, SIM
swapping attacks will continue and likely increase in frequency and
sophistication.
Until we change this aspect of the world, you must take responsibility
for your own security. By educating and securing yourself, you are
one less victim and one less success story for an attacker. Proper
preparation prevents piss poor performance.
. . .
• https://www.zdnet.com/article/wave-of-SIM-swapping-attacks-hit-us-cryptocurrency-users
• https://nypost.com/2019/04/13/hackers-are-stealing-millions-in-bitcoin-and-living-like-big-shots/
• https://blog.kraken.com/post/219/security-advisory-mobile-phones/
• https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af
• https://medium.com/mycrypto/mycryptos-security-guide-for-dummies-and-smart-people-too-ab178299c82e
• https://winter.mycrypto.com/
• https://cipherblade.com/cybercrime-reporting/
• https://www.youtube.com/watch?v=WW6myutKBYk
• https://coingeek.com/cipherblade-share-a-lesson-about-crypto-theft/
• https://support.mycrypto.com/staying-safe/how-to-securely-store-and-guard-your-private-key
• https://medium.com/changelly/hardware-wallets-101-88442ac385b2
• https://support.mycrypto.com/staying-safe/protecting-yourself-and-your-funds
• https://github.com/crytic/awesome-ethereum-security
• https://github.com/crytic/blockchain-security-contacts
• https://medium.com/mycrypto/mycryptos-security-incident-response-101-36a57b17038b
• https://support.kraken.com/hc/en-us/articles/360000444963-Setting-up-the-Global-Settings-Lock-GSL-
• Titan
• YubiKey
• Ledger
• Trezor