Is a $30 Million BCH SIM Swap Hack Possible in a Non-custodial Wallet?

Peculiar $30 Million BCH SIM SWAP Hack

SIM swap hack

This infers that the victim’s information may have already been compromised. Perhaps they have already been a victim of a phishing attack or social engineering prior to being targeted for the attack vector. There are only a few options the victim can do when they are being targeted by a highly-skilled SIM swap hacker since a successful execution of the attack rests primarily on the carrier’s approval of the change. If the hackers will be able to give all the necessary requirements they will successfully execute the hack.

Why hackers are interested in SMS messages

Moreover, emails and social media accounts use SMS as a way to authenticate ownership when recovering the said accounts. Take for example when a Gmail user tries to recover his or her account. It only takes an SMS OTP to authorize a change in password. Mind you, email is also generally recognized as another 2FA method similar to SMS. This only shows how immensely important to keep your SMS or your mobile line safe. However, this proves to be easier said than done as SMS relies heavily on the due diligence of mobile service providers.


Securing our SIM

If additional authentication methods are available you might want to enable them as an extra precaution. Alternative 2FA methods include Email, authenticator apps like Google authenticator or Authy and hardware keys like Yubi keys. The additional layers of security will definitely increase security and deter attacks if hackers get access to your SIM. There is however another way of securing assets like cryptocurrencies without having to deal with 2FA methods. In fact, you don’t have to enable 2FA at all as you can have total control and access to your own assets without relying to any third party. These are called non-custodial wallets or accounts where users have total control and access to their assets.

Non-custodial wallets or accounts

Non-custodial wallet SIM swap hack

The details of the hack are largely unknown to the public and there had been no update from the alleged victim after he deleted his original post on Reddit. What is peculiar with the hack is the fact that the victim inferred to have his funds stolen from his non-custodial wallet. Those who are familiar with how non-custodial wallets work know that the only way to get access to these funds is to get its private keys. It is highly unlikely that a user with that much amount of money will ever store the private keys that can be accessed via SMS.

We may never know for sure how it happened but we can all agree that the only way that the hackers succeeded in getting access to the funds of a non-custodial wallet is by having access to the private keys of the wallet. We can, therefore, attribute the hack to a very expensive poor judgment of the wallet owner who carelessly stored his private key that can be accessed online or using SMS. Keeping private keys offline is one of the cardinal rules in using non-custodial wallets and ignoring this rule can have some dire consequences as you have witnessed above.

Non-custodial wallets and trading still the best in security

This security extends to all other services that use non-custodial wallets. This includes decentralized exchanges (DEXs) like Newdex which do not utilize a user account system that requires customers to deposit into custodial wallets held by the exchange operator. All transactions happen directly from the non-custodial wallets of the customers ensuring optimal safety since traders never lose custody of their digital assets until the moment they execute a transaction or trade. DEXs that use highly scalable blockchain like what Newdex uses, EOS, will see near instant execution of trades.

Despite the many security enhancements made by CEXs operators in the past such as keeping most liquid funds offline and getting insurance, it cannot still compare to the security DEXs offers as asset owners never surrender custody of their crypto.

CEXs might have mitigated risk from external threats but have not really made relevant progress in terms of risk associated with having to maintain a user account system in their platform and keeping custody of their client’s digital assets. Customer’s assets can still be trapped inside CEX’s for a variety of reasons, lost private keys of cold storage wallets, technical issues with their platform, regulatory compliance, and even insolvency issues.

SIM Swap Hack Possible in a Non-custodial Wallet?

It all boils down to one thing. The safety of non-custodial wallets rests on how the asset owner handles the security of the private key of the wallet or account. So long as the asset owner follows the suggested safety procedures they should enjoy unparalleled security unmatched even by the best-centralized exchanges in the world. The kind of security that blockchain technology can offer and way beyond anything the best-centralized exchanges could ever give.

Transparency Disclosure
The above article is a commissioned work for Newdex. I was tasked to write about SIM Swap attack and how non-custodial wallet’s are resilient against this attack vector. Total creative freedom was given to me. All the information stated above came from my own research and statements are of my own opinion based on my experience and knowledge. It has not been edited by Newdex or any of the aforementioned projects in the article

Originally published in Hackernoon.

For more information about Newdex please follow its official links below:


Blockchain/crypto enthusiast from the Philippines.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store