Hackers are identifying bitcoin and other virtual currency investors and users online, figuring out which telecommunications provider they use, and convincing a cell provider customer service agent to transfer the number to a provider and device under the hacker's control, Forbes has reported. Most virtual currency wallets require users to confirm their identity with their phone number through two-factor authentication, so a hacker can steal a person's bitcoin once they successfully port a number to their own device and change the password to the person's virtual currency.
Bitcoin investors are losing millions in the new scam, the The New York Times reports.
Joby Weeks, a bitcoin entrepreneur, tells the Times that he lost almost a million dollars in virtual currency after hackers swiped his mobile number. Weeks says the digital heist came after he asked his phone company to add extra layers of security.
"Everybody I know in the crypto-currency space has gotten their phone number stolen," Weeks tells the Times.
Virtual currency transactions are irreversible, so victims have no recourse. Bank accounts and investment accounts are not as vulnerable to this attack, the Times reports, because traditional financial institutions are able to reverse malicious transactions if caught in time.
According to data from the Federal Trade Commission, reported by the Times, the number of "phone hijackings" has been rising over the past few years. In January 2013, there were 1,038 reported phone number hijackings reported; by January 2016, there were 2,658.
Coinbase, which is one of the most popular bitcoin wallets, is now telling its users to disconnect their cell numbers from their accounts.
Richard Young, a Verizon spokesman, told the Times these types of identity thefts are still fairly uncommon.