
sim swapping

Debate over 2FA using SMS after SIM-swapping victim sues Coinbase

While members of the crypto community are doubtful the lawsuit against Coinbase will be successful, it has sparked a conversation about the issues with SMS 2FA.

The crypto community is debating whether SMS two-factor authentication (2FA) should ever be used for account security following news that a Coinbase customer is suing the cryptocurrency exchange for $96,000.

On Mar. 6, Jared Ferguson filed a lawsuit against Coinbase in the United States District Court for the Northern District of California, claiming he lost “90% of his life savings” after funds were withdrawn from his account by identity thieves and Coinbase had refused to reimburse him.

Ferguson is said to have fallen prey to a type of identity theft known as “SIM swapping,” which allows fraudsters to gain control of a phone number by tricking the telecom provider into linking the number to their own SIM card.

This allows them to bypass any SMS 2FA on an account, and in this situation allegedly allowed them to confirm the withdrawal of $96,000 from Ferguson's Coinbase account.

Ferguson claimed he lost service after his phone was hacked on May 9, and noticed the funds had been taken from his Coinbase account after getting a new SIM card and restoring his service as per instructions from his service provider, T-Mobile.

T-Mobile was previously sued by a SIM-swapping victim in February 2021 following the theft of approximately $450,000 worth of Bitcoin (BTC).

Coinbase denied any responsibility for the hack of Ferguson’s account, telling him in an email that he is “responsible for the security of your e-mail, your passwords, your 2FA codes, and your devices.”

Members of the crypto community were generally doubtful that Ferguson’s lawsuit would be successful, noting that Coinbase encourages the use of authenticator apps for 2FA rather than SMS and describes the latter as the “least secure” form of authentication.

Some Reddit users discussing the lawsuit in a post titled “Never Use SMS 2FA” went as far as suggesting SMS 2FA should be banned, but noted that it was the only authentication option available for many services, as one user said:

“Unfortunately a lot of services I use don’t offer Authenticator 2FA yet. But I definitely think the SMS approach has proven to be unsafe and should be banned.”

Blockchain security firm CertiK warned of the dangers of using SMS 2FA in September, with its security expert Jesse Leclere telling Cointelegraph that “SMS 2FA is better than nothing, but it is the most vulnerable form of 2FA currently in use.”

Leclere said dedicated authenticator apps like Google Authenticator or Duo offer nearly all the convenience of using SMS 2FA while removing the risk of SIM swapping.

Reddit users shared similar advice but added that authenticator apps on phones also make that device a single point of failure, and recommended the use of separate hardware authentication devices.

Court prolongs Tornado Cash developer Pertsev’s pre-trial detention

Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft

A teenager has been arrested in Canada after committing what law enforcement officials in Ontario have described as the largest crypto theft by a single person. The Canadian is accused of stealing tens of millions of dollars through a SIM swap targeting a crypto holder in the U.S. Teen Arrested in Canada for Stealing Crypto […]

FBI Public Service Announcement Warns of ‘Increased’ Crypto ATM, QR Code Fraud

The Federal Bureau of Investigation (FBI), America’s domestic intelligence and security service, has published a public service announcement concerning fraudulent schemes associated with cryptocurrency ATMs and QR codes. The FBI’s warning, published on November 4, highlights the presence of “scammers” directing their energy at unknowing victims. US Federal Agency Warns of Increase in Crypto ‘Scammers’ […]

FBI Warns Digital Currency Exchanges and Crypto Owners of Possible Threats

The U.S. Federal Bureau of Investigation (FBI) issued an industry-wide warning about possible attacks on exchanges and crypto holders this week. The institution declared that there are threats actively tracking virtual asset platforms in order to take hold of these assets, causing financial losses in the process. Sim swapping, account theft and tech support staff […]
