Fake IDs were used to request new SIMs from phone providers

Nov 6, 2018 20:26 GMT  ·  By

A group of eleven Turkish individuals stole roughly $80,000 in cryptocurrency from multiple crypto exchange customers by convincing phone providers to send them SIMs with the victims' phone numbers and using them for 2FA authentication to compromise their targets' accounts.

"Apparently fake IDs were prepared for this operation, according to local crypto media, with the thieves pretending the victim’s phone was stolen," as reported by Trustnodes.

Moreover, "They then managed to persuade phone providers to send them a new sim with the victim’s phone number. The real owner’s sim card was canceled."

Once the targets' phone numbers were in possession of the crooks, they used them to reset the victims' account passwords and subsequently to get away with around $80K worth of cryptocurrency after transferring the funds to their own accounts.

The police tracked them down using IP addresses provided by the crypto exchanges they stole the cryptocurrency from and arrested them after raiding a location where "18 mobile phones, 20 flash memory drives, 5 laptops, 3 disks, 2 fake driver’s licenses and many fake IDs and cards" were found.

The criminal group pilfered $80K worth of crypto before being caught by Istanbul’s Cybercrime Division 

Out of the eleven individuals taken into custody by Turkish police, ten of them are still being held under arrest, and the eleventh has been released on bail.

Although the operation seemed to be quite complex and very well organized given the high complexity of the attack and the chain of multiple techniques used to compromise 2FA protected crypto exchange accounts, the crooks did not use any IP hiding methods to prevent being so easily tracked and located by Istanbul’s Cybercrime Division.

"The ease with which these thieves were able to gain access to someone else’s phone number, however, is highly concerning," said Technodes report.

Therefore, this is "Raising basic questions such as why are claimed lost sim replacements being send to addresses not on record."