Bitcoin peer-to-peer (BTC) exchange HodlHodl failed when it seemed like a prankster used a SIM attack to make the seller believe he would get the money.
This episode was reported on June 2 by a Reddit user called Gandeloft. According to the victim, he wanted to pay off his Bitcoin savings with 0.1747 BTC, worth $ 1,677 at the time of printing. On the HodlHodl platform, he found a trader willing to offer 1,650 euros, or 1,848 dollars, for bitcoins. It appears to have been higher than the current market price at the time due to the surprising trend of bitcoin, which it has witnessed changed its profit in less than 24 hours.
The buyer suggested using Revolut to locate the transaction and request the victim's phone number to pay. The victim then received a realistic text message, allegedly from Revolut, stating that the broadcast was pending review and would be deleted within a few hours due to “site differences”.
At first glance, the message came from the same identifier that sent the two-factor authentication codes, making them real. Until the user saw the funds in the Revolut app, the hustler successfully pushed the victim to release the BTC from the lock.
The victim told Cointelegraph that Revolut confirmed that there were no text messages from her, and that the HodlHodl trading platform refused to provide additional data that could help catch the criminal. According to the victim, the platform replied: “We do not provide information about our users. You can call your bank and find out all the details. But in this case, there were no traceable bank transactions.
Cointelegraph requested a comment from Revolut and HodlHodl, but did not receive an immediate response.
SIM attacks are becoming more and more common
It is generally easy to recognize phishing attacks, but the ability to impersonate official addresses can increase their credibility. The SIM card is relatively easy to fake and very difficult to detect, although details vary from country to country. However, carriers can understand the true origin of fake SMS.
Mobile networks are also vulnerable to a more serious attack called SIM card replacement. You can do this by tricking technical support by switching phone numbers with another provider, although there are several other methods.
BlockFi loan provider recently got a data leak when the employee's phone number was exchanged to access the internal records.
For many years, Exchange users have also experienced such attacks, with a prominent case leading to an estimated loss of $ 24 million as a result of the exchange of SIM cards on the AT&T network.