Quote:
Originally Posted by lezinterracial
I remember hearing a story about this a while back. But this needs to be repeated.
Guy was talking about bitcoin on Twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support, which was closed.
If I recall correctly, the account was also set up to use SMS for two-factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...
Don't use SMS for 2FA!