Hackers target 2FA codes of 20 crypto executives in sophisticated hack attack

Last Updated on 22 October 2020 by CryptoTips.eu

Hackers targeted about 20 crypto company executives with a sophisticated attack in September in order to steal their Two-Factor Authentication codes.

Cybersecurity publication Bleeping Computer revealed that the attackers managed to intercept two-factor authentication codes. This was achieved by exploiting a telecom protocol from 1975 called SS7.

This vulnerability in the protocol, allowed the hackers to take control over the Telegram and e-mail accounts of the executives.

The breach was discovered by cybersecurity firm Pandora Security which noted that the attackers spoofed the short message service center (SMSC) of a mobile network operator used by the targeted victims to request an update of their location.

The update asked the mobile network operator to reroute all voice calls and sms messages intended for the victims to a fake MSC, address allowing for the interception of the 2FA codes.

This was easy for the hackers as they knew all details required from their victims including numbers, email addresses and leaked passwords.

Victims belonged to Israeli telecoms company

The report noted that all 20 compromised devices belonged to Partner Communications Company and Israeli based telecoms provider. It is understood that the situation has been reported to Israel’s National Cyber Security Authority and its national intelligence agency Mossad.

At the moment, it is not known which crypto executives were the targets of this SS7 attack. Tsashi Ganot from Pandora Security believes that the telecommunication infrastructure of other countries might still be vulnerable to this type of attacks.

He urged government and telecom companies to update their network to prevent such sophisticated security threats.

Ganot further stated that the hackers goals were to obtain cryptocurrencies by using impersonation scam using the victims’ identities on Telegram accounts.

In some cases, the hackers posed as the victims in their [Telegram] accounts and wrote to some of their acquaintances, asking to exchange BTC for ETC. As far as we’re aware no one fell for the bait.

These SS7 attacks have a semblance to other forms of social hacking known as SIM-swap attacks that have been reported across the world.

Some U.S telecom providers have faced several high-profile lawsuits because SIM-swappers stole their customer’s cryptocurrency holdings. Crypto scams are getting rampant and Cyber-security agencies need to make upgrades to ensure customer data safety.