I was targeted with a SIM-Swap Attack last night, I think I survived it (possibly related Gatehub hack)


It's 10 pm, I am watching BTC pump like a beast. Out of the blue, I get 3 consecutive text messages: a recovery code for Yahoo, a recovery key for Abra, and a third one I won't name.

All kinds of alarms went off in my head. I check my Yahoo and my Abra account. All is good. No suspicious activity. I think to myself maybe someone is trying to brute force his way into those accounts. I start changing passwords. ~20 minutes later, my wife calls me. On Facebook, not the phone. She asks me what's wrong with my phone and if I had lost it, because she tried to call me and couldn't reach me. And that she got an SMS on her phone saying my SIM card was reactivated or some shit like that. I glance at my phone and sure enough, I don't have service.

At this point I realized I was being hacked. My body went numb and my heart skipped a few beats. I froze for a sec, then I promptly asked my wife to call T-Mobile and ask them to disable the SIM card while I log in to every one of my valuable accounts and lock/freeze them.

~5 to 8 minutes after I initiated operation lock down, my wife calls back to give me the good news: SIM card successfully disabled. I go through a holy fucking shit that's a relief moment, then recompose myself and complete operation lock down all the way until basically I was locked out of every valuable account I own.

All in all the attacker had a good ~25 minutes of unrestricted access to my phone number, and he used this time to try and reset Yahoo, Abra and Coinbase accounts.

However, we crashed his party and cut it short when we disabled the SIM card. We did it just in time too, because I am certain 5 more minutes and I would have been toasted and roasted and I would be homeless living under a bridge (not even exaggerating). The Abra account I know for sure I lost, but nothing else as far as I can tell.

T-Mobile acted surprised of course and said they would "investigate this", and the police were like "You didn't lose any money so we ain't doing shit until some is stolen".

Now here I am, 48 hours with barely 6 hours of sleep, obsessing over how can this happen, how is it possible. How did he know to target me and how did he know so much about me to pull this off.

Several scenarios came to mind but they all require a great deal of skill and influence and are a bit far-fetched, except for this last one that I stumbled upon in the last 2 hours.

Avast Security

This is a screenshot from the Avast security app and it shows that the primary e-mail that I use was compromised/leaked more than once. However, the most recent one is the one that caught my attention. Fucking Gatehub. I now remember that I was stupid enough to register an account with them, fully verified. Full legal name, email, phone #, proof of residence, and even copies of my driver's license 🙁

And that's more than enough for the attacker to pull this off and carry out a successful hack. He only needs to impersonate me when calling T-Mobile or have an inside man that works at T-Mobile. The only variable that he didn't have control of is how fast I notice and react to the hack to try and stop it.

Now please forgive me for the horrible format and poor storytelling skills, because I have been up for 2 days now functioning on only 5 hours of sleep last night. I spent all of this time changing passwords and revamping my security. This is a nightmare and it almost ruined my life. But the important thing is to tell my story and warn you guys to take steps to protect yourselves, because it is a real threat and you don't think YOU will be next until it happens to you.

I think I dodged a bullet (more like a tank shell), but I won't know for sure until I take back complete control over my locked accounts.

Finally, here are a few things you can do to protect yourselves.

  1. If you ever used Gatehub, assume that your info was leaked too and it is now in the hands of bad actors. Don't use the email address or phone # that you used to register on Gatehub on any valuable accounts that you don't want to lose, and remove them from any existing accounts.
  2. Contact your mobile service provider and establish a PIN and special instruction not to allow any changes to the account over the phone/Internet unless you go to the store and show some form of ID.
  3. Step #2 won't 100% protect you if whoever wants to attack you has an inside man, so never use your phone # as a recovery method for important/valuable accounts. If SMS is the only recovery/2FA method available on the website you are about to use, DO NOT USE THAT SERVICE. Instead take your business somewhere else where they have better security options.
  4. Use separate/dedicated e-mail addresses for accounts that are important and valuable, and make sure the e-mail service provider has good security measures/options: U2F hardware tokens, authenticator apps, pre-generated one-time codes, etc. No phone numbers.
  5. I forgot to mention, if you use Coinbase and hold any substantial amount of crypto on it, consider downloading the Coinbase Wallet app on your phone and transferring your coins to it. It's a decentralized app that lets you control your own keys, which eliminates a lot of the external threats to your corns.

There is a lot more you can do to protect yourself but these are the only ones that I can remember now and I am sure readers will share other ways to secure our shit too and I will add them as they are shared 🙂

TL;DR

I was targeted with a SIM-Swap Attack last night because my personal info was leaked on Gatehub and partly because of my poor, loose and careless security habits. I survived the attack without any losses (hopefully) by reacting and disabling my SIM card in time before the attacker got to my accounts.

submitted by /u/Squeaky-Bed