A teenager has been arrested by the Canadian police for reportedly stealing CA$46 million, or $36 million, in crypto from one investor from the United States.
Sim Swapper Teen Purchased Rare Username In Online Games With Stolen Crypto
Sim hijacking has proven to be a lucrative way for criminals to steal crypto worth millions of dollars from unsuspecting victims. The latest such case involves a teenager in Canada, whose case is presently before the country’s courts.
Hamilton police stated in a Wednesday press release that the crypto was stolen via a sim swap attack, in which the perpetrator swapped the victim’s mobile sim card with a fake to remotely intercept his identity, passwords, accounts on crypto exchanges, and two-factor authentication (2FA) security measures.
Heists of this nature are possible with the help of corrupt insiders (plugs) within a telecoms provider who help transfer the target’s phone number to a sim card owned by the hacker or through social engineering tricks.
According to the release, the teen had spent some of the cryptos to purchase an online username that is considered rare in the online gaming community. Investigators were prompted to unmask the account holder of the username by the suspicious transaction. The hunt for the sim swapper officially commenced in March 2020.
 
 
The arrest was made thanks to a collaborative effort between the Federal Bureau of Investigation (FBI), the U.S. Secret Service Electronic Crimes Task Force, and the Hamilton police.
It’s worth noting that this is the single largest crypto-related theft in Canada so far. Yet, sim swapping is hardly a new phenomenon and has been at the center of discussion among federal agencies since at least 2016.
It’s advisable for users to remove their phone numbers from centralized crypto exchanges, and store their assets in cold storage to avoid falling victim to sim swap attacks. An even better alternative might be utilizing a physical security key which makes it next to impossible for bad actors to access an individual’s valuable data.