This is a fine example of why nobody should rely on SMS "2FA" for anything.<p>SMS "2FA" is not actual 2FA.<p>SS7/PSTN are horribly broken. People need to stop using them entirely, whenever possible, and stick to that as a firm principle. For the same reason why scam calls and fake caller ID are epidemic. Just disregard the <i>existence</i> of the PSTN, even if your phone has a DID, never give it to anyone or use it for anything. I say this as someone who's worked in telecom for 20 years.<p>Social engineering mobile phone operator customer service departments to execute a SIM swap attack is trivially easy if you already possess some basic personal info about the target.<p>You should never rely on having something important that's only protected behind an SMS-based password reset/login authentication module.
For those without subscriptions.
<a href="https://outline.com/3CRjpe" rel="nofollow">https://outline.com/3CRjpe</a><p>><i>That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone.</i><p>Not to victim blame, but it really is odd to me that someone would leave any amount of BTC on their phone, let alone millions of dollars worth.<p>><i>The Hamilton teen faces charges of theft over $5,000 and possession of property or proceeds of property obtained by crime</i><p>I've always wondered why the line is drawn at $5,000. It's mildly interesting that stealing $46M and stealing $5,000 result in equivalent charges.
If you're going to steal a large amount of Bitcoin, you should probably have a plan on what you're going to do with it that doesn't include buying a gaming username that can be trivially traced back to you once you use it.
Is this Hamilton, Ontario, Canada?! Unclear<p>Also, Josh Jones, the founder of DreamHost? wow. heh<p><i>Edit</i>: Sorry, because I read it on outline/archive I didn't see the glaring Hamilton Spectator logo at top and related Canada nav. Thanks
"leaving such a large amount of Bitcoin accessible on a phone"<p>"A SIM swap attack [...] gives the hacker access to the victim’s phone"<p>Is it just me or is this article massively misrepresenting what a SIM swap attack actually does? Unless there's more to the story, no one got access to Jones' phone. They intercepted 2FA SMSes so they could get access to a wallet service or whatever.
It's easy to steal bitcoin (for some definition of easy).<p>The hard part is cashing it out. As Breaking Bad used to say, what criminals want is to pay taxes on their criminal proceeds.
He should have just run a failed ICO and pocketed the funds as fees to related parties. I understand this is how Metakovan, the NFT king, got his start? <a href="https://www.reuters.com/investigates/special-report/finance-crypto-sundaresan/" rel="nofollow">https://www.reuters.com/investigates/special-report/finance-...</a><p>Better to claim incompetence than it is to actually steal.
Another bitcoin bandit bites the dust.<p>I bet he bought an Xbox gamertag from the most recent exploit.<p>These kids really do think the 3 letter agencies aren't watching, no matter how many of their close friends get v&.<p>The blockchain is forever, and the statute of limitations no longer applies.<p>That Verizon/ATT employee from 2018 will get caught, he will give up an alias, and the feds are interested, now that the coins have value.<p>And assuming the feds aren't dirty (they are), you have 5 years to run. If the fed assigned to your case decides he wants the coin personally, you have 5 months.
If you own a lot of crypto and it's still protected by SMS auth, you need to disable that (edit: in favor of OTP). If you can't, you need to buy a dozen prepaid SIM cards and use them randomly. Or pay someone to do it for you. Very cheap in comparison to a theft.
Honest question:<p>Where are all the bitcoin multi-millionaires storing their coins? It seems like in an ideal world, you would use <a href="https://trezor.io" rel="nofollow">https://trezor.io</a> and put that in a safety deposit box, or maybe use Coinbase Vault, but I am generally curious what is the current consensus on the safest ways to store these piles of digital money.
So some exchanges use TOTP 2FA (which is more secure than SMS). And some people like to copy their 2FA 'seed' which is usually a QR code that they store somewhere securely. Amazing how a simple QR code (or even a recovery code) can be worth so much.
> "Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,”<p>Says the biggest known victim of a crypto heist in a private person.<p>Ain't this ironic.<p>I guess I should spell out that centralization is a feature?