Why you should never use SMS for important two factor authentication


Seth Shapiro, an AT&T customer, had his cryptocurrency stolen after AT&T handed control of his cell phone number to the attackers during the robbery.

Roughly $1.9 million USD in various cryptocurrencies was stolen after an AT&T staff member ported the number to a SIM card controlled by the attacker.

Any second-factor authentication that uses SMS is exposed to this attack, because support staff can be talked into porting a customer's number to a criminal's SIM card. Once the attackers control the victim's number, they receive the SMS security prompts and can use them to get into exchanges, banks, and other critical services.

With crypto, there is no way to recover funds sent through exchanges, or even from personal wallets. There have been numerous cases of victims and their family members being threatened at gunpoint to hand over hardware wallet passcodes.

Seth Shapiro is suing AT&T for enabling the theft of his tokens. AT&T was also sued in 2018 by another victim in a similar situation: Michael Terpin lost over $24 million USD in cryptocurrency. Terpin won a $75.8 million judgement against the hacker, but is unlikely to recover any funds as a result of it. His separate lawsuit against AT&T, which enabled the theft, is still in progress; in February, a judge granted him permission to proceed with it. That lawsuit seeks $200 million in punitive damages.

Seth has so far been unable to obtain a judge's approval to move forward with his case against AT&T.

In both cases, AT&T had been asked to place special protections on the account to prevent exactly this situation. Any customer can contact their mobile provider to request additional security on critical account changes, and it is highly suggested that you do so, even though it may not work every time.

Ultimately, it comes down to the low-paid and poorly trained support rep who takes the call, or the next one who takes the second or third call if the attacker was unsuccessful the first time. In security, the defender has to win every battle, while the attacker only has to win once.

"AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr. Shapiro's account in order to rob, extort and threaten him in exchange for money."
- Seth Shapiro's lawsuit filings

AT&T is, of course, trying to get the case dismissed. While it has not succeeded so far, it has prevented Shapiro from getting approval for his case to proceed. This will likely drag on for years until a settlement is reached or Shapiro can no longer afford to pay his lawyers.

According to an interview with CoinTelegraph, Seth's losses were around 1,200 Ethereum stolen from his Bittrex account, around $400,000 stolen from his Wax cryptocurrency account, and almost $1M USD worth of crypto belonging to a project he was working on.



Bitcoin Billionaires, Ben Mizrahi's book on the Winklevoss twins after their settlement with Zuckerberg and Facebook, has a chapter on how they flew around America depositing parts of their keys in safe deposit boxes at seemingly random and unconnected small branches of different banks, for the bitcoin wallets in which they were storing tens of millions of USD worth of Bitcoin at that time.

It seemed like overkill then... they were spending millions at $7 to $10 per BTC.

Here in Israel, way too many government services can be reached by knowing your ID number and your mobile phone number. If you have access to a cloned mobile number (and I'm pretty sure this isn't that hard to do here) you're in trouble.

Part of the problem is that services still offer SMS as a second factor... That said, I can imagine the pain of mass adoption of time-based authenticator codes for everything. We have it across the board for banks in Europe... But I can imagine the number of locked-out accounts or lost keys because people have no systematic way to back up.

SIM cards are going to get hot in the privacy and net neutrality debates.

Very weird, fishy story ...🤔
Not like any random crypto hodler
Yeah, SMS is weak when you hodl so much, counting on your phone
Sounds almost like a bad joke

Hey since you use Leo related tags maybe you want to publish your crypto/finance related posts through the native leointerface. Here's why:

First, there is now a 10% tax for posts not published through LeoFinance:
https://leofinance.io/hive-167922/@steem.leo/native-leofinance-content-now-earns-10-more-leo-a-few-interface-updates

Also, it helps a lot with the SEO of LeoFinance. Which means more traffic, which means more ad revenue for LEO burns, which means a higher token price, which means more money for you, lel. Please see the following for more info:

https://leofinance.io/hive-167922/@steem.leo/why-posting-from-leofinance-is-one-of-the-best-ways-to-grow-our-token-and-community
https://leofinance.io/hive-167922/@steem.leo/new-model-for-leoads-or-burning-leo-with-ad-revenue

TL;DR: You get more LEO. LEO gets more expensive and more LEO are burned. We all get a lambo.

Posted Using LeoFinance

I always forget as I don't always post LeoFinance type of stuff.

So what is the best choice for two factor auth?

I suggest using a private and secure email provider for your two-factor authentication.

Tutanota (based in Germany) and ProtonMail (based in Switzerland) already are very secure and have strong privacy protections, but CTemplar (based in Iceland) offers the strongest protections (but comes at higher costs). Just don't forget your passwords there though, as nobody can recover them for you.