Friday, 31 January 2020

I was targeted with a SIM-Swap Attack last night, I think I survived it (possibly related to the Gatehub hack)


It's 10 pm, I am watching BTC pump like a beast. Out of the blue, I get 3 consecutive text messages. Recovery code for Yahoo, recovery key for Abra, and a third one I won't name "No it's not Coinbase :)".

All kinds of alarms went off in my head. I check my Yahoo and my Abra account. All is good. No suspicious activity. I think to myself maybe someone is trying to brute force his way into those accounts. I start changing passwords.

~20 minutes later, my wife calls me. On Facebook, not the phone. She asks me what's wrong with my phone and if I had lost it, because she tried to call me and couldn't reach me. And that she got an SMS on her phone saying my SIM card was reactivated or some shit like that. I glance at my phone and sure enough, I don't have service.

At this point I realized I was being hacked. My body went numb and my heart skipped a few beats. I froze for a sec, then I promptly asked my wife to call T-Mobile and ask them to disable the SIM card while I log in to every one of my valuable accounts and lock/freeze them.

A few minutes in and I am on my Coinbase account and I move my BTCs to the vault (which would lock them for 48 hours if someone tries to withdraw them and would require a co-signer to fully release them), and then I head to the security settings to remove the phone number just in case. So I click where it says "Text message" and where it shows the phone #, and it asked for my 2FA, so I copy it and click Confirm, and the next thing I know, my 2FA method is now using text message instead of Google Authenticator, and I realized that I had made a big mistake and basically gave my money to the scumbag attacking me o_O

Yes, I did that, accidentally!! Idk what it is, pure adrenaline, stupidity or just paralyzing fear, but it happened and I shot myself in the foot while trying to save my life lol.

So now I am freaking out even more, so I jump on Google and type "coinbase I am being hacked" or some shit like that. I click the first link that appears. It takes me to a coinbase.com extension page that had a ton of text on it, but the only thing I read was the text highlighted in red, "You will have to re-verify your identity to access the account again" or some shit like that. So I click it. Boom... I am locked out of my own account and so is the attacker, yay :)

I never did find the link to that page btw. I searched for it a lot and can't find it and have no idea what it was or what I typed in Google to find it, so if someone knows what that page is please post it in the comments so that others can have access to it if ever needed.

~8 minutes after I initiated operation lock down, my wife calls back to give me the good news: SIM card successfully disabled. I go through a holy fucking shit that's a relief moment, then recompose myself and complete operation lock down all the way until basically I am locked out of every valuable account I own.

All in all the attacker had a good ~25 minutes of unrestricted access to my phone number and he used this time to try and reset Yahoo, Abra and Coinbase accounts.

However, we crashed his party and cut it short when we disabled the SIM card. We did it just in time too, because I am certain, 5 more minutes and I would have been toasted and roasted and I would be darn close to being broke (too invested in crypto). The Abra account I know for sure I lost, but nothing else as far as I can tell.

T-Mobile acted surprised of course and said they would "investigate this", and the police were like "You didn't lose any money so, we ain't doing shit until some is stolen".

Now here I am, 48 hours with barely 6 hours of sleep, obsessing over how can this happen, how is it possible.
How did he know to target me and how did he know so much about me to pull this off?

Several scenarios came to mind, but they all require a great deal of skill and influence and are a bit far-fetched, except for this last one that I stumbled upon in the last 2 hours.

Avast Security

This is a screenshot from the Avast security app and it shows that the primary e-mail that I use was compromised/leaked more than once. However, the most recent one is the one that caught my attention. Fucking Gatehub.

I now remember that I was stupid enough to register an account with them, fully verified. Full legal name, email, phone #, proof of residence, and even copies of my driver's license :(

And that's more than enough for the attacker to pull this off and carry out a successful hack. He only needs to impersonate me when calling T-Mobile or have an inside man that works at T-Mobile. The only variable that he didn't have control of is how fast I notice and react to the hack to try and stop it.

Now please forgive me for the horrible format and poor storytelling skills, because I have been up for 2 days now functioning on only 5 hours of sleep last night. I spent all of this time changing passwords and revamping my security. This is a nightmare and it almost ruined my life. But the important thing is to tell my story and warn you guys to take steps to protect yourselves, because it is a real threat and you don't think YOU will be next until it happens to you.

I think I dodged a bullet (more like a tank shell), but I won't know for sure until I take back complete control over my locked accounts.

Finally, here are a few things you can do to protect yourselves.

1. If you ever used Gatehub, assume that your info was leaked too and it is now in the hands of bad actors. Don't use that email address or phone # that you used to register on Gatehub on any valuable accounts that you don't want to lose, and remove them from any existing accounts.
2. Contact your mobile service provider and establish a PIN or administrative block, and leave special instructions not to allow any changes to the account over the phone/Internet unless you go to the store and show some form of ID.
3. Step #2 won't 100% protect you if whoever wants to attack you has an inside man, so never use your phone # as a recovery method for important/valuable accounts. If SMS is the only recovery/2FA method available on the website you are about to use, DO NOT USE THAT SERVICE. Instead, take your business somewhere else where they have better security options.
4. Use separate/dedicated e-mail addresses for accounts that are important and valuable, and make sure the e-mail service provider has good security measures/options. U2F hardware tokens, authenticator apps, pre-generated one-time codes, etc. No phone numbers.
5. This "What to do when sim swapping happens to you" is an excellent resource and a must-read on how to handle it if you were a victim, and what to do to avoid BEING a victim.
6. Get a Trezor, and control your own keys, and never leave significant amounts of money on an exchange no matter how safe and secure it seems. This one should have been #1, but to avoid changing the original thread too much I chose to amend the list.

There is a lot more you can do to protect yourself, but these are the only ones that I can remember now, and I am sure readers will share other ways to secure our shit too, and I will add them as they are shared :)

And finally, 15 days later.

My security is revamped and under super tight control, and I got myself a Trezor Model T, and my corns and funds are safu :)

Thank you if you have made it this far :)

I wish you the best and hope you never have to go through some shit like this ever in your life :)

TL;DR

I was targeted with a SIM-Swap Attack last night because my personal info was leaked on Gatehub and partly because of my poor, loose and careless security habits. I survived the attack without any losses (hopefully) by reacting and disabling my SIM card in time before the attacker got to my accounts.

Disclaimer: This is a re-post. I posted and deleted the original thread 14 days ago because I was afraid I gave out too much information and I was still in disbelief :)

via /r/Bitcoin http://bit.ly/2tdKj0M
