Prominent on-chain detective ZachXBT warned the X community (formerly Twitter) about the growing popularity of a SIM swap scam in the Web3 space. According to ZachXBT’s estimates, there have been 54 incidents of SIM swaps affecting crypto users in the last four months. The losses from these attacks amounted to over $13.3 million.
"Never use SMS 2FA and instead use an authenticator app or security key to secure accounts," ZachXBT warns the crypto community.
A SIM swap scam, port-out scam, or simjacking is one of the types of account takeover fraud in which a malicious actor gains access to a victim's phone number used usually by financial services for two-step verification and two-factor authentication. This means that a criminal can easily complete the verification process by receiving calls or text messages addressed to the victim.
A SIM swap scam is possible because a phone number can be ported to a mobile device that is already using another SIM card. This method is designed to help SIM card owners regain access to their numbers in case they lose their cards.
Unfortunately, there are many ways an attacker can use SIM swapping with malicious intent. Some mobile operators simply neglect security measures and perform SIM swapping without any special requirements, while others are willing to help scammers in exchange for a bribe. Often, scammers also collect personal information sufficient to impersonate the victim to exploit SIM swapping, and others may even physically force the mobile carriers' assistants to perform SIM swaps.
X users suggested their solutions to the problem. For example, user Choe mentioned services like Port Freeze and Number Lock, offered by many mobile network providers. Their activation is supposed to prevent the possibility of porting a number to another line or carrier. This can only be achieved by removing the lock, which requires a PIN or a visit to the store.
However, many X users, including ZachXBT, believe that such a lock "only creates a false sense of protection" and in reality does not help. Many of them also feel that mobile carriers should be held responsible for the increasing number of SIM swap scams.
Meanwhile, DefiLlama dashboard developer 0xngmi mentioned a new type of crypto scam that exploits the Google search engine.
"Scammers will buy an ad for a proper crypto website on Google, with the proper URL," 0xngmi said in an X post yesterday, explaining that clicking on such a URL is supposed to send users to the mobile app analytics platform kochava.com to track the click, but they are redirected to one of the scam websites.
"The result is that on Google's trusted interface, you see the correct domain defillama.com domain, however when you click on it, you get sent to a scam domain," 0xngmi said, adding that "by using ad networks that are either malicious or compromised, they [scammers] can switch the URLs."
According to the developer, DefiLlama's team has already reported this issue to Google "multiple times over multiple days," but no action has been taken. Other X users pointed out that this form of fraud has been prevalent for several years and Google has still not fixed it.
So far, 0xngmi recommends crypto users remove all Google ads with the Adblock extension and use extensions that can protect against malicious URLs.
One of the X users, Tino, mentioned a similar scam tactic that uses a series of redirects after the link leads to a genuine website to bypass the ad verification. Eventually, the link connects the user with a malicious website.