SIM Swap (Crypto Context)
An attack where a fraudster convinces a mobile carrier to transfer a victim's phone number to a SIM they control, enabling bypass of SMS two-factor authentication to access crypto accounts.
Also known as: SIM hijacking, phone number hijacking, port-out scam
Last reviewed: 10 June 2026
SIM swapping involves a fraudster using social engineering or insider access at a mobile carrier to port a victim's phone number to a new SIM card. With control of the number, they intercept SMS-based two-factor authentication codes and trigger account resets on exchanges and crypto custodians, gaining full access within minutes.
Crypto accounts are especially targeted because of the large account balances and irreversibility of transfers. High-profile SIM-swap attacks have drained exchange accounts worth millions. The attack bypasses all password security because the recovery path depends only on the phone number.
Mitigations include using an authenticator app or hardware security key instead of SMS 2FA, adding a carrier-level SIM lock or port freeze, using a private 'data-only' number not tied to public accounts for crypto 2FA, and enabling withdrawal address whitelisting on exchanges.