Hackers Have Stolen Millions In Bitcoin Using Only Phone Numbers

[HardOCP News]

I don't know why people insist on calling these crooks "hackers." Scammers have been pulling this type of scam for years. The only thing that makes this case different is that crooks don't usually get access to millions of dollars worth of bitcoins. Thanks to cageymaru for the link.

A hacker had faked his identity and transferred his phone number from T-Mobile to a carrier called Bandwidth that was linked to a Google Voice account in the hacker’s possession. Once all the calls and messages to Kenna’s number were being routed to them, the hacker(s) then reset the passwords for Kenna’s email addresses by having the SMS codes sent to them (or, technically, to Kenna’s number, newly in their possession). Within seven minutes of being locked out of his first account, Kenna was shut out of of up to 30 others, including two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC.

 

[tunatime]

this is why you keep them in cold storage on a usb stick in a bank

 

[TheLAWNoob]

The problem would be allowing remote access to the PC that you store your wallet in.

I tried reading the article for more info, but I actually lost some knowledge by reading it.

 

[EODetroit]

I mean, a stupid How To (albiet nsfw) Video like this one would have protected him:

Also, some security is not better than no security if it gives you a false sense of security to the point that you lose easily millions of dollars of bitcoin because you thought you were protected by it.

 

[thesmokingman]

I don't know why people insist on calling these crooks "hackers." Scammers have been pulling this type of scam for years. The only thing that makes this case different is that crooks don't usually get access to millions of dollars worth of bitcoins. Thanks to cageymaru for the link.

That is a hack though, a social hack.

 

[sleepeeg3]

How the hell does T-Mobile let this happen? This seems dangerously easy to accomplish, if true. Don't they require your social security #, credit card number, etc.? This trick could be used for far worse.

 

[EODetroit]

How the hell does T-Mobile let this happen? This seems dangerously easy to accomplish, if true. Don't they require your social security #, credit card number, etc.? This trick could be used for far worse.

All it takes is one bad or new or tired agent, a social-engineer/hacker will just keep calling. Are you really going to put your security in the hands of someone making less money per hour than Bernie Sanders wants as the minimum wage? 'Cause that's what this guy did.

 

[B00nie]

Easy come easy go... The whole bitcoin thing is just nuts.

 

[Deleted member 184142]

How the hell does T-Mobile let this happen? This seems dangerously easy to accomplish, if true. Don't they require your social security #, credit card number, etc.? This trick could be used for far worse.

They stated the person faked their identity, if you have the right information ANY service will let you do whatever, most just want name, DOB and maybe last 4 of SSN. This is why you call your service providers and tell them you want to setup a lock or password for the account, meaning even people calling in have to give the normal information AND your password to make any changes. The other issue they had was not using a two factor generator and allowed the use of texts, which can be stolen like in this case, or others who have codes emailed (even worse), which if the email is hacked they then can get into anything else linked to that email etc etc. This is why those generators are nice, you have to have access to the phone it's on to be able to get in or if the service supports YubiKeys.

 

[PaulP]

"Social-engineers", "hackers", "scammers", bah! In my day we just called them con-men.

 

[Bowman15]

this is why you keep them in cold storage on a usb stick in a bank

I keep my money in the bank without the need to rent a storage bin plus count on a USB stick that might go bad or unreadable.

 

[DeathFromBelow]

I use real money and keep it in a bank. It's worked out fine so far. I even get some free stuff for using my debit card.

Whatever happened to our local gang of Bitcoin Believers?

 

[nysmo]

How the hell does T-Mobile let this happen? This seems dangerously easy to accomplish, if true. Don't they require your social security #, credit card number, etc.? This trick could be used for far worse.

There's audio recordings on youtube of people successfully pulling this stunt, most notably all with Tmobile I think. They just call the general Tmobile customer support # and claim they work in an independent Tmo franchise or something and thats it. I think whats going on is that phone carriers arent used to being scammed like this so the people they have staffed in these positions are just completely ignorant of these kind of schemes. They havent been trained in regards to any kind of security, so if someone calls and says "hey i need you to change my sim from X to Z" they just go ahead and do it, it's laughably easy.

 

[Retronym]

I use real money and keep it in a bank. It's worked out fine so far. I even get some free stuff for using my debit card.

Whatever happened to our local gang of Bitcoin Believers?

Still here. Bitcoin is doing very well. It's at $862 at the time of this post. It was in the $200's earlier in the year.

Each time the Yuan was devalued this year a billion dollars went into the btc ecosystem. India declared their two largest bills no longer legal tender (with 4 hours notice).

People in India died because they couldn't get money out of the overwhelmed banks for medicine. Bitcoin is doing well there, with a hefty 20% premium.

Venezuelans are starving, but the socialist free electricity has some risking life in prison to mine and sell Bitcoin so people can buy food.

You need to understand that a country like the U.S. has more of an inflation hedge use case than countries with evil left wing dictators with failing fiat currency. People in those places also have a need to transact with merchants who have no reason to transact in the failed local currency.

In other words, tell a Venezuelan to keep their money in the bank and get laughed out of the room. Or Greece, Spain, Zimbabwe, Ukraine, etc, etc.

 

[Rustynuts]

 

[Retronym]

 

[drakken]

technically it is not currency it is a bond note. It has all the problems of bearer bonds, with the added issue of there is no paper record in most cases. At least when you cash those in they have to document it for the IRS. Of course you have to do that a bank, where any transaction over a thousand dollars is noted with your social security number or driver's license number. It used to be twenty five hundred but people simply transferred less money at one location to stay off the notice of the irs.

All customer service used to have be bonded by a third party company for a thousand dollars of risk in 1980. Not sure when that ended but someone claimed they came from the wrong neighbor and could not get bonded to work at a convenience store in another neighborhood, which is the oldest challenge I could find. Now you have a dozen companies that use Skype to hide the fact they are calling form a foreign country to set up scams. I have a skype number and it was one I got from using my girl friends house to get the number she was living in Malibu at the time and to get those you had to be on the districts list of residents, then someone screamed that they should not have to wait and someone snickered at their were houses for sale there. I think they still managed to confuse the prefix but mostly it seems that most of the problems really do keep going back to someone wanting to outsource the customer service to a foreign country or at least someone who could care less about the people the business serves. The USA really needs to simply stop using foreign customer service for local businesses. If I want to buy silk from china I have to deal with customer service in china but really why am I calling china or India for my phone support. Better question since there are laws against transferring someone's phone number for ninety days after the line is turned off how are customer service able to transfer numbers to another company with out a waiting period while the number is not in use? I know I got attacked because I was out of the country and several phone companies not just T-Mobile simply used the data from the yahoo hacks to target profiles on facebook to find out the numbers they needed to cut lines of communication for people have relationship problems or simply having to work in a another state or country from their significant(s) other, and or family. I know people love swapping phone companies to buy a new phone or get a cheaper plan but most people don't just drop everything and change providers unless they are moving and there is no service in the new area.

Either way people should have to be finger printed just like for selling insurance, and pass an ethic's exam before being allowed to access any personally identifying material like a customer service person who deals in phone numbers, bank accounts, etc... real estate agents have to be finger printed but many could not pass an ethic's exam if their life depended on it but many are nice people. So my guess is most of the customer service issues is someone gets hired by the companies to cut costs and they fire the honest people and then the company folds but the unethical people that kept their jobs go to other companies and spread the damage until half the companies in the USA and likely all over the world are burdened with at least one person who knows they will get fired if people find out they just sit around messing with people's lives so try to make sure that HR and CS are loaded down with people would are working so not enough money or have enough safety in their job to point out what is going on.

 

[B00nie]

Still here. Bitcoin is doing very well. It's at $862 at the time of this post. It was in the $200's earlier in the year.

Each time the Yuan was devalued this year a billion dollars went into the btc ecosystem. India declared their two largest bills no longer legal tender (with 4 hours notice).

People in India died because they couldn't get money out of the overwhelmed banks for medicine. Bitcoin is doing well there, with a hefty 20% premium.

Venezuelans are starving, but the socialist free electricity has some risking life in prison to mine and sell Bitcoin so people can buy food.

You need to understand that a country like the U.S. has more of an inflation hedge use case than countries with evil left wing dictators with failing fiat currency. People in those places also have a need to transact with merchants who have no reason to transact in the failed local currency.

In other words, tell a Venezuelan to keep their money in the bank and get laughed out of the room. Or Greece, Spain, Zimbabwe, Ukraine, etc, etc.

Oh wow. So bitcoin is doing strong in all the cesspools of the planet. Sounds promising - NOT!

How can they buy food with virtual currency that nobody accepts in the food stores? LOL! It's only used by criminals for drug trafficking.

 

[Retronym]

They are criminals for not using the inflated currency. So they can feed their families.

So in one sense you are right.

There is an entire black market for food because the government forbids other nations currencies. I hope you have the ability to see why they are doing nothing wrong.

And I'm agreeing with you in recognizing the utility of evading evil governments. I'm not sure why you would make fun of something that literally saves lives, but do remember that a high price in one part of the world does have a positive impact on the price elsewhere.

I would recommend research before trying to cast further dispersion. That was embarrassing.