
A Bitcoin exchange transaction resulted in a user getting scammed as a spoofed SMS message from a payment app made it seem that the attacker executed the payment.
A Bitcoin (BTC) peer-to-peer exchange made on the HodlHodl platform went awry as a scammer appears to have used a SIM spoofing attack to make the seller believe he was about to receive the money.
The episode was reported on June 2 by a Reddit user going by the name of Gandeloft. According to the victim, he wanted to cash out his Bitcoin savings of 0.1747 BTC, worth $1677 as of press time. Through the HodlHodl platform, he found a merchant willing to offer 1650 Euro, or $1848, for the Bitcoins. This appears to have been higher than the going market rate at the time due to the sudden Bitcoin price slip, which saw it reverse the gains made less than 24 hours earlier.
The buyer offered to use the Revolut app to settle the trade, asking for the victim’s phone number to make the payment. The victim then received a realistic SMS that purportedly came from Revolut, saying that the transfer was pending, and would be cleared in a few hours due to “difference in locations.”
At first glance, the message came from the same identifier that sent two-factor authentication codes, making it appear genuine. While the user did not see the money on the Revolut app, the scammer then successfully pressured the victim into releasing his BTC from escrow.
The victim told Cointelegraph that Revolut confirmed that the SMS did not come from them, while the merchant platform HodlHodl refused to provide any additional data that could help catch the perpetrator. According to the victim, the platform replied by saying, “We do not provide any information about our users. You can contact your bank and find out all the details”. In this case, however, no bank-traceable transactions actually occurred.
Cointelegraph requested comment from Revolut and HodlHodl, but did not immediately receive a response.
SIM-based attacks getting more common
Phishing attacks are generally easy to recognize, but the ability to spoof official addresses can give them added credibility. SIM spoofing is relatively easy to perform and very difficult to discover, though the specifics vary by country. The carriers are nevertheless able to understand the true origin of the spoofed SMS.
Mobile networks are also vulnerable to a more serious attack called SIM swapping. This can be done by tricking customer support into swapping phone numbers with a different provider, though there are several other methods.
Lending provider BlockFi recently suffered a data leak where an employee’s phone number was swapped to gain access to internal records.
Exchange users have also been targeted by such attacks through the years, with one high profile case resulting in the alleged loss of $24 million dollars through a SIM swap performed on the AT&T network.
Source: , CoinTelegraph

Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.