How Veteran Investor Lost $350,000 in Crypto
The cryptocurrency market has grown used to hacks “as usual”: attackers exploit vulnerabilities in a system or exchange to take hundreds of millions of dollars in assets, as in the Binance bridge hack not long ago.
Even so, the 350,000 USD hack that hit Eric Falkenstein, a veteran investor in the market, shows that experienced investors can still lose money in this market, despite strict adherence to practices such as information secrecy and multi-factor authentication (MFA).
“I have been following Eric Falkenstein for over 10 years now; he is a qualified financial blogger and an early crypto investor,” Dr. Le Hong Giang, financial analyst and investment director at Tactical Management Global, told Zing.
Coinbase, Kraken, Gemini, etc. accounts are generally considered secure if users adhere to security protocols. Image: Finbold.
The hack of an experienced investor like Falkenstein, although not in the millions of dollars like the cases that usually draw attention, has startled many crypto investors who thought the assets in their wallets were safe.
On the morning of April 4, Eric could not access his Gmail account at the start of the workday and had to use the “Forgot Password” feature. Normally, Google sends a confirmation code to reset the password via text message. But this time the message didn’t come.
Thinking this was just a bug, Eric went to a T-Mobile outlet at 11 a.m. and was told the SIM was “dead”, with no further information.
“After a few calls to the operator, I learned that the SIM had been disabled to switch to another phone at 1:17 a.m. local time at a T-Mobile store near Oakland, California,” Eric said.
After taking over the SIM, the hacker got into Eric’s Google account through the forgot-password feature, which sent the reset code via text message. Unfortunately, this investor used Google’s password management app, so his crypto accounts and passwords also fell into the hacker’s hands.
Eric Falkenstein’s T-Mobile SIM was transferred to another phone by hackers overnight local time, when carrier agents were not working. Image: Vice.
“Although an online password manager like Google is not ideal, I feel safe as all my Gemini and Kraken exchange accounts are MFA-secured, which requires an authentication code from Authy or Google Authenticator on a mobile device,” Eric recounted.
It is not clear how, but after obtaining the account information, the hacker bypassed all of these MFA applications and took close to 350,000 USD from the accounts, mainly in AVAX tokens. The hacker also removed the transaction limits set in the Kraken account.
Because he was still trying to investigate, Eric made the case public only recently. Speaking with Zing, the investor said it is still unclear how the hacker managed to get past multi-factor authentication. “I still want to know how an attacker can recreate Authy and Google Authenticator with just a phone number and a Google account, it’s confusing,” Eric said.
Google Authenticator, an application that provides account login authentication codes used by many people. Image: androidguys.
“It is not clear how the hacker overcame Google Authenticator; maybe they reset the MFA of Falkenstein’s Gemini and Kraken accounts, temporarily transferring the MFA from the app to SMS,” speculated Dr. Giang. But one lesson that can be learned is that MFA applications also do not provide absolute security, he noted.
“Accept” when hacked
Eric suspects that the hacker had an insider at T-Mobile who helped hijack the SIM in the first place, because T-Mobile stores are not open at midnight, and a request to transfer a SIM to another phone requires the subscriber to be present and show identification.
“I think there was an insider at T-Mobile that allowed the hacker to get the phone number. Unfortunately, I don’t have any way to prosecute them,” the investor told Zing.
While major hacks targeting systems like Binance often make headlines, hacks targeting individual investors get little attention. Eric had no choice but to “grit his teeth and bear it”.
After learning of the hack that happened to Eric, some investors said they would switch to hardware authentication keys, such as this YubiKey, instead of MFA applications. Image: macrumors.
“In the US the only law enforcement agency capable of prosecuting these criminals is the cyber security department of the FBI, but when I reported it, they only checked the attacker’s IP, which was obviously manipulated through a VPN,” Eric said. The attacker used an IP address close to Eric’s address when making the money transfer, in order to bypass the fraud detection algorithms.
“This field is so new that the ‘security experts’ also only have useless superficial knowledge, because the people who hire them have less knowledge,” Eric said angrily, after both the FBI and outside “experts” only checked the fake IPs and provided no further information.
Eric’s attorney also said that a lawsuit against T-Mobile would cost about 100,000 USD and take a few years, and that the probability of winning is not high. The lawyer also said the SIM hijacking could be related to a hack that exposed the data of some T-Mobile subscribers in 2021.
Hackers sold T-Mobile subscriber data from a 2021 hack, including addresses, phone numbers and social security numbers, but Eric said this information was not enough to hijack a SIM. Image: krebsonsecurity.
T-Mobile and Kraken both “turned away” when they heard about the hack and said they would only respond to law enforcement. Eric could not get access to the T-Mobile SIM transfer transaction that the attacker made, or to the procedures used for the MFA transfer and transaction limit removal at Kraken. “No progress,” the investor summed up when Zing inquired about the investigation more than half a year after the hack.
Do not expect services like Google, Binance, Kraken or mobile carriers to help, and know how to quickly lock money, stock, and cryptocurrency accounts as soon as a problem with the phone number is detected, Dr. Giang said, summarizing the 350,000 USD hack that happened to Eric Falkenstein.
Both Dr. Giang and Eric said they no longer trust Google, or even any online password management application, and instead look to offline password management software.
“I won’t give Google or Gmail any more information,” Eric told Zing.
“Falkenstein made a mistake when using Google’s password manager, because from the SIM and Google account hackers can easily get other accounts,” said Dr. Giang. Also, where possible, users should use hardware authentication keys instead of MFA applications.
“Once a hacker has obtained account information, be it a bank account or a stock, the possibility of losing money is high. This is not only a risk for investors but anyone,” the expert added when Zing asked about concerns after the incident.