SMS 2FA Is The Weak Link That Cost Jered Kenna A Lot of Bitcoin


Bitcoin is such a prized possession that criminals actively look for new ways to steal funds from other users. Jered Kenna, a prominent name in the world of cryptocurrency, has been keeping most of his funds offline since day one. However, when the passwords of his email addresses were reset, and his phone number suddenly belonged to another carrier, fear started setting in. As it turned out, a lot of Bitcoins ended up getting stolen in the end.

Phone-based 2FA Is Never A Good Idea

Criminals can obtain a lot of personal information about individual users if they want to. Retrieving one’s phone number may seem inconspicuous at first, but it has severe consequences in the long run. Through social engineering and other undisclosed hacking methods, criminals can use the phone number to obtain other sensitive information.

In the case of Jered Kenna, they used this information to switch his phone number to a different provider. In this case, that carrier was linked to a Google Voice account, which gave hackers full control over Kenna’s incoming calls and text messages. This also allowed them to reset account passwords by having codes sent via SMS, including the passwords to his email accounts.

But that was only the beginning, as Kenna quickly found himself locked out of his own bank accounts, PayPal credentials, and Bitcoin services. What is rather distressing, however, is that he no longer had access to his Windows account either, as his Bitcoin wallet’s private key was stored there.

Keeping a Bitcoin wallet on an encrypted hard drive is a good security practice. The average cryptocurrency user does not take these precautions, even though they usually should. Keeping that wallet offline is of the utmost importance, but at some point, users will look to sell their cryptocurrency.

Once Kenna started selling off small amounts of Bitcoin, the hackers struck. He had secured the wallet with a 30-character password, but that turned out not to be enough. Security in the modern world relies on layering additional tools, but each of them presents a weak link of its own. In his case, a phone number was enough to cause a lot of havoc in quick succession.

It is important to note that relying on two-factor authentication through SMS codes is not unique to cryptocurrency. A lot of social media platforms, banking services, and online payment platforms use this method of verification. Unfortunately, it appears this is far from a secure solution.
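The chain described above (phone number, then email, then everything that resets through email) can be checked for your own accounts. The following is an added example, not part of the original article: it walks a recovery map and lists every account that falls once SMS is in someone else's hands. The account names and recovery rules in both maps are constructed assumptions, not details of Kenna's actual setup.

```python
# Each account maps to its alternative recovery paths; a path is the set of
# factors that together are sufficient to reset that account.
# Both inventories are constructed samples (assumptions, not from the article).
WEAK = {
    "email":           [{"sms"}],              # reset code sent by text message
    "windows_account": [{"email"}],
    "bank":            [{"email"}, {"sms"}],
    "paypal":          [{"email"}],
    "bitcoin_service": [{"email", "sms"}],     # email link plus SMS code
}

HARDENED = {
    "email":           [{"password", "totp"}], # authenticator app, no SMS fallback
    "windows_account": [{"email"}],
    "bank":            [{"email", "totp"}],
    "paypal":          [{"email"}],
    "bitcoin_service": [{"email", "totp"}],
}


def exposed_accounts(lost_factors, recovery):
    """Return {account: factors_used} for every account that can be reset
    by someone who controls `lost_factors`, following chains transitively."""
    owned = set(lost_factors)
    chain = {}
    changed = True
    while changed:                      # repeat until no new account falls
        changed = False
        for account, paths in recovery.items():
            if account in owned:
                continue
            for needs in paths:
                if needs <= owned:      # every factor on this path is held
                    owned.add(account)  # the account now unlocks others
                    chain[account] = sorted(needs)
                    changed = True
                    break
    return chain


if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, exposed_accounts({"sms"}, inventory))
```

Any account that appears in the result for `{"sms"}` depends, directly or through another account, on the phone number alone.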

