Kroll's Crypto Breach Highlights SIM-Swapping Risk

Published : 23/11/2024   Category : security




Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.



A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings related to crypto trading firms FTX, BlockFI, and Genesis. The incident is a stark reminder of the ongoing danger to organizations from SIM-swapping attacks, researchers noted, and the need to move away from SMS-based two-factor authentication.
The Kroll breach occurred when an adversary transferred an employee's phone number to an attacker-controlled device and then used it to access sensitive information. SIM swapping, or SIM hijacking, is a kind of account takeover attack in which an attacker gains unauthorized access to a target's mobile phone functions by tricking the mobile carrier into transferring the victim's phone number to a SIM card that the attacker controls.
The attacks can take many forms. Some threat groups, such as China-based Scattered Spider, have pulled off SIM-swapping attacks at scale by breaking into systems belonging to mobile carriers and porting numbers on their own. In Kroll's case, the attacker convinced T-Mobile to port a Kroll employee's phone number to their own device. This gave them a way to access files containing the bankruptcy details; Kroll was retained to manage the filing and retention of proofs of claim in the proceedings for all three crypto firms.
Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee's phone number to the threat actor's phone at their request, Kroll disclosed last week, noting that it learned of the breach on Aug. 19.
T-Mobile did not respond immediately to a Dark Reading request for comment.
In a notification to customers, FTX said the breach had exposed the names, addresses, email, and balances in their FTX accounts. Genesis described the breach as having a similar impact and warned victims to be on the lookout for phishing attempts designed to take control of their cryptocurrency accounts, wallets, and other digital assets.
The main objective in SIM-swapping attacks often is to gain control of a victim's incoming text messages in order to intercept two-factor authentication codes sent via SMS. These are then used to access the victim's bank and other accounts. In many instances, threat groups have also used SIM-swapped devices for phishing campaigns.
SIM-swapping attacks are used to defeat SMS-based multifactor authentication, commonly leading to account takeovers and paving the way to data breaches and cyberattacks, says Zach Capers, senior security analyst at Capterra. This is a real problem because Capterra's research finds that 42% of businesses use SMS for multifactor authentication, he says.
Capers says SIM swapping typically begins with social engineering — often via phishing email and background research on the victim using social media, company staff pages, or other sources. 
The attacker uses this information to impersonate the victim, bypass the mobile phone carrier’s account security, and convince them to port the phone number to a new device. Once ported, the attacker intercepts authentication codes and gains access to anything using SMS-based authentication, from sensitive business information to financial accounts, he says. SIM-swapping attacks are a good reason why businesses need to consider alternatives — such as biometrics and physical authentication keys — to SMS-based authentication, Capers said.
Individuals can minimize some of the risk by not posting personal data on social media platforms and other online forums, adds Georgia Weidman, security architect at Zimperium. Attackers often impersonate targets by using information such as the names of relatives, physical addresses and email addresses when trying to convince a phone carrier to port a phone number to a new SIM card, Weidman says. 
Businesses can also alert employees to the danger posed by SIM swapping, she notes, and recommend adding a port freeze to their mobile account.
