Hackers Find Exploit Through SS7 SMS 2FA to Empty Bitcoin Wallets

Imagine using a highly touted security feature, only to see it backfire in the most spectacular way, causing you to lose more than just time but also money. Now imagine it happening to a Bitcoin wallet that you’ve carefully guarded for the past few months or years. It surely isn’t a pleasant thought.

More than just a scary thought experiment, the above is actually a very real threat for many owners of Bitcoin wallets. Basically, anyone who has enabled two-factor authentication through SMS can be robbed of their bitcoins, and all it takes is some basic personal info.

The flaw lies in the public switched telephone network, or PSTN, where a certain part of the established protocol called Signaling System No. 7 (SS7) can be exploited to intercept any incoming SMS anytime and anywhere.

Though it has been a known phone network exploit for quite some time now, it still hasn’t been remedied. And so, security researchers and hackers alike have access to it as a go-to method of violating people’s privacy and exposing them to all kinds of trouble.

Recently, researchers from Positive Technologies, a Russian security firm, were able to use the SS7 exploit to snag control of a bitcoin wallet on Coinbase (by compromising the 2FA of the associated Gmail account) and remove its contents. They put together a video with explanations.

What they did here was just show the possibilities with such an exploit. And from the looks of it, as long as a hacker has access to a user’s first name, last name, and mobile phone number, then they’re good to go.

And the extent of the damage isn’t just limited to bitcoin wallets. In fact, hackers with knowledge of the exploit and access to a user’s personal information can also compromise money lying in active bank accounts. As the SS7 exploit has been known for quite a while, there have been many instances of it being applied in the real world over time, and an attack on bitcoin wallets is simply one of the latest ways to use the exploit.

So how can it be stopped? The truth is, you are only really vulnerable to it if you use a specific form of two-factor authentication. Since it works by intercepting SMS that is meant for a victim’s phone number, simply taking it out of the equation eliminates any threat of the SS7 exploit.

Alternatives to the use of two-factor SMS authentication include the use of apps like Google Authenticator, using two-factor email authentication, or just turning it off completely in favor of using other methods for security like better passwords and possibly even code numbers.

In any case, the responsibility of making sure that a bitcoin wallet remains safe from targeted attacks such as this one ultimately lies in the hands of the bitcoin wallet’s owner. If the SS7 exploit has stood for all the time that it has up to now, it’s unlikely to be fixed anytime soon.

