See More

Suspect Apprehended in $36M Crypto Sim Jacking Case in Canada

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • A young man was apprehended in Canada after stealing $36M in crypto by exploiting a weakness in the phone number allocation system.
  • Cellular networks can be a weakness in two-factor authentication systems.
  • In the first three quarters of 2021, residents of British Columbia lost $3.5M in crypto-related scams.
  • promo

A young man from Ontario, Canada, has been arrested for a multi-million dollar crypto theft that exploited the two-factor-authentication system used by many exchanges globally.

The suspect manipulated cellular network employees to duplicate phone numbers so that he could intercept the two-factor authentication details, according to the Hamilton police in Ontario.

About CAD$46M ($36.5M) worth of cryptocurrency was stolen from the victim. The apprehension of the criminal started with an investigation back in March 2020. It involved the Federal Bureau of Investigation (FBI) and the United States Secret Service, who investigated a similar incident affecting a victim in the U.S.

The Canadian Anti-Fraud Centre lists some guidelines and tips to protect digital funds that can be found here.

Vulnerable to exploitation

The British Columbia Royal Canadian Mounted Police, the British Columbia Securities Commission, the Canadian Anti-Fraud Centre, and municipal authorities have cautioned Canadian citizens of criminals using social media and dating sites to target people with crypto-related scams. In the first three quarters of 2021, residents of British Columbia lost $3.5M in crypto-related scams.

The Logic reports that more than 600 companies offer cryptocurrency-related services in Canada that are not registered with the relevant securities regulator, highlighting Canada’s lax defenses against fraud. The companies hold approximately $144B worth of bitcoin (as of March 2021).

Is two-factor crypto authentication enough?

A ‘factor‘ can be one of the following: something one knows (pin or password), something one has (cellphone), something that one is (fingerprint, face recognition). It’s often difficult to gain access to more than one of these factors at a time, hence the popularity of the two-factor authentication protocol.

Sometimes exchanges will send customers an SMS with a one-time PIN. If cellphones get stolen, or somehow the messages are faked, one of the factors will get compromised, as in the case of this crime. The use of hardware wallets can also protect users from the risk of hot wallets that are connected to the internet.

A group hacked a Coinbase account in 2017 in an experimental exercise by exploiting a flaw in the cellular network that allows text messages sent to a number to be intercepted. That allowed them to reset the Coinbase password for the account holder. The cellular network was also a vulnerability in the aforementioned Canadian attack. In a separate incident, 6,000 Coinbase users had their data stolen through a phishing attack that exploited the two-factor authentication system.

The SS7 network is a system in the U.S. that is used to manage calls and texts between phone numbers. There are many known SS7 vulnerabilities, and hijacking services are even available on the dark web.

Top crypto platforms in the US | April 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...
READ FULL BIO
Sponsored
Sponsored