What Is SIM-Swapping? Hackers Allegedly Stole $100m in Cryptocurrency From Celebrities

Eight men suspected of stealing over $100 million worth of cryptocurrencies from internet influencers, sport stars and musicians were arrested on Tuesday following a year-long investigation by multiple policing authorities.

a group of items on a table: A picture taken on Februrary 27 ,2015 in Lille, northern France, shows cellphone sim cards.

A picture taken on Februrary 27 ,2015 in Lille, northern France, shows cellphone sim cards.

The cybercriminal gang was dismantled this week after members targeted “thousands” of victims in the U.S. last year via “SIM-swapping” attacks, which are used to infiltrate mobile apps or online accounts by abusing a smartphone’s phone number.


Load Error

The European law enforcement agency Europol said a probe was launched last spring and uncovered a network of around a dozen coordinated criminals.

In a “SIM-swap” scheme, criminals can intercept sensitive information by taking over a victim’s phone number associated with their device’s SIM card. They deactivate the SIM card and port its number to a new one controlled by a member of the gang.

Experts say the swapping process is often done by a hacker impersonating the owner and contacting the phone service provider to request the change. It is also aided by phishing attacks to obtain personal information, or corrupt insiders.

Broadly, after gaining control over the number, hackers can change passwords of apps and be sent codes needed to reset account credentials. After changing the codes, the criminals have access to online banking, email and social media profiles.

“This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim,” Europol said.

The identities of the victims were not released. Europol said additional members of the gang were recently detained in Malta and Belgium. The policing agency urged anyone concerned about the hack not to link their phone number to online accounts.

The National Crime Agency (NCA), which led the U.K.-side investigation into the attacks, said the arrested men were aged between 18 and 26 and had been detained in England and Scotland. Like Europol, it did not reveal the…