FBI warns cryptocurrency owners, exchanges of ongoing attacks

The Federal Bureau of Investigation (FBI) cautions cryptocurrency owners, exchanges, and third-party payment platforms of risk actors actively targeting virtual assets in attacks that can lead to considerable financial losses.
The FBI provided the caution via a TLP: GREEN Private Industry Notification (PIN) designed to offer cybersecurity specialists with the info required to appropriately defend versus these continuous attacks.
Several techniques utilized to ransack crypto-wallets
According to the FBI, attackers are utilizing a number of tactics to launder and take cryptocurrency, including technical support scams, SIM switching (aka SIM hijacking), and taking control of their targets cryptocurrency exchange accounts through identity theft or account takeovers.
The taken cryptocurrency properties are commonly laborious to track as soon as moved to attacker-controlled crypto-wallets, making it tough for law enforcement agents to recuperate the taken funds, which causes increased financial loss.
During the last year, in between May 2020 and May 2021, the United States security service observed and received reports from victims concerning cybercriminals taking cryptocurrency after:
acquiring access to victims crypto exchange accounts after bypassing two-factor authentication
impersonating payment platforms or cryptocurrency exchange support personnel in telephone call started by victims of online tech assistance frauds
SIM swap attacks targeting the clients of numerous phone carriers
The FBI encourages financial organizations that might be targeted in similar attacks to inspect for mails coming from spoofed email addresses and keep track and display recently produced accounts.
Cryptocurrency owners are likewise motivated to allow multi-factor authentication (MFA) on all their cryptocurrency accounts, reject requests to download and utilize remote access applications, and always contact exchanges and payment business by means of main telephone number and e-mail addresses.
The FBI provided another SIM swapping alert in March 2019 after a boost in SIM hijacking incidents with assistance on safeguarding versus such attacks.
The FTC likewise provides comprehensive information on preventing SIM hijacking, protecting personal details on your phone, and keeping individual info protected online.
SIM swapping: a cryptocurency burglars favorite tactic
SIM swap fraud (likewise referred to as SIM hijacking, SIM splitting, or SIM jacking) a type of account takeover (ATO) fraud through which fraudsters take control of a targets contact number(s).
This is attained by persuading the victims phone service companies to swap the telephone number to attacker-controlled SIM cards by utilizing social engineering or with the aid of a paid off worker.
After the port, the assaulters will be the ones receiving the victims messages and calls, making it simple to bypass SMS-based MFA, take user credentials, and, in the end, taking control of their online service accounts.
Later, the criminals can log into their victims bank or cryptocurrency exchange accounts to take cash and virtual possessions, and lock the victims out of their accounts after altering the passwords.
In February, United States telecommunications provider T-Mobile divulged a data breach after numerous its clients were targeted and impacted in SIM swap attacks.
In 2015, Europol collared suspects part of 2 other criminal gangs who stole millions in SIM switching attacks.
Previously this year, ten guys implicated of a being port of criminal gang involved in series of SIM switching attacks targeting prominent victims in the United States were likewise jailed in the UK, Malta, and Belgium.