Safeguarding Your Crypto Riches
Cash.Tech Newsletter #6: Winning the war against sim swaps, embracing smart security, and self-custody via Cash.Tech
Earlier this week, U.S. authorities sentenced the last member of an international cybercrime group that stole up to $9 million in cryptocurrencies from their victims. The primary method used by the gang is sim swapping or hijacking, and there have been several similar occurrences with losses to the tune of millions of dollars.
This week’s Cash.Tech Newsletter is aligned with our mission to provide users with a secure crypto experience. We dive into the methods used by simswappers and how a combination of smart security and self-custody can help you preserve your crypto riches. As usual, we’ll bring you some exciting development updates first.
Cash.Tech development update
Our development team has resolved all issues flagged during the recent audit mentioned in our earlier releases. At the same time, we completed the integration of the NFT display function on the Ethereum Network and introduced audio and video capabilities. We are currently testing the same NFT features for the Polygon and Binance Smart Chain (BSC) networks with the goal of releasing them as soon as possible.
The next major feature on our development roadmap is the in-built tokenswap. Our UI designers have provided some display concepts that are currently being reviewed and we expect that the development process will follow shortly. We appreciate all the insightful feedback received from the community following our initial launch and remain committed to keeping you updated on key developments.
Winning the war against sim swappers
Sim swapping is a form of identity theft that grants hackers access to a victim’s mobile phone number. The masterminds use two approaches, either calling the mobile phone provider requesting that the mobile number be transferred to a device they control, or in some cases bribing an employee of a service provider to perform the swap.
In either case, the result of gaining access to a victim’s phone number is that the hacker can receive two-factor (2FA) authentication code tied to a short messaging service (SMS). The hackers in these cases have already gained access to the victim’s username and passwords, sometimes as a result of compromising the victim’s device or the exchange service. Coupled with the 2FA code, the hacker logs into the victim’s cryptocurrency exchange account to siphon their funds.
Aside from the recent U.S. indictments related to sim swapping, a large-scale security breach involving 6,000 Coinbase customers also utilized this method. In that instance, the hackers utilized email phishing campaigns to collect information such as the victim’s email address, passwords, and phone numbers. Such information, among other things, makes it easier for them to contact their mobile sim provider and impersonate the victim.
According to Watch, a UK consumer watchdog, the number of sim swap fraud reports have increased by over 400% in the past five years. Research by Princeton University reckons that four out of every five sim swap attempts are usually successful, while the below chart from Statista shows that the total amount lost from sim swaps in the United Kingdom. The prevalence of sim swaps highlights the need for cryptocurrency investors to embrace smart security measures, and above all to choose secure self-custody wallet solutions such as Cash.Tech’s.
(Source: Statista)
How to protect yourself from crypto sim swaps
If you own a cryptocurrency exchange account, a basic approach to repel sim swappers is to use strong passwords. Reliable password management applications can help you create and remember passwords, while also preventing you from adding them to malicious websites.
Another effective approach is to utilize secondary authentication methods such as a hardware token (e.g., YubiKey) or a mobile authentication app like Google Authenticator. These applications generate a one-time password for each login and can only be accessed if the hacker physically gains possession of your device.
Investors also need to stay alert to phishing attacks. Make it a habit to review website domains that you visit, and avoid hastily clicking links on email or SMS notifications that warn you about a security issue with your exchange account. Such emails are usually malicious and seek to collect basic credentials that hackers can use to execute a sim swap attack.
Embrace Self-Custody
The presence of centralized cryptocurrency exchanges provides an attack vector for sim swappers. Hence, choosing to use a secure self-custodial wallet like Cash.Tech is the most effective way to reduce your chances of losing your crypto riches to sim swappers.
Cash.Tech allows users to control private keys to cryptocurrencies stored on their wallets, meaning that they retain access to their funds at all times. There is no need for sophisticated authentication methods to prevent a breach, since the Cash.Tech wallet has been built from scratch to provide maximum security.
The existence of centralized exchanges is tied to their main service of allowing users to exchange multiple cryptocurrencies seamlessly. However, the rise of decentralized exchanges (DEXes) has nullified the reliance on their centralized counterparts. Investors now have fewer reasons to expose themselves to high security risks such as sim swaps, exchange hacks, or downtimes.
Instead, the Cash.Tech wallet provides a gateway to decentralized exchanges on the most-widely used blockchain networks including Ethereum, Binance Smart Chain and Polygon. Utilizing these on-chain exchange platforms removes the sim swapping attack vector and provides users with self-custody and a higher degree of security.
As the cryptocurrency industry matures and more users migrate to self-custodial solutions, the number of sim swapping attacks will reduce significantly. Cash.Tech is positioning itself to become the preferred option for investors, combining best security practices with a user-friendly design.
Cash.Tech wallet is already connected to the testnet and fully functional for Android and iOS devices. Make sure to download the wallet to get a first-hand experience!