Skip to main content
T TON Adoption
RU
← Glossary
NODE/03 · Term

SIM-swap

Attack in which the adversary convinces a mobile carrier to port the victim's phone number onto their own SIM. Once in control of the number, the attacker intercepts SMS codes and resets passwords on exchanges, email, and Telegram.

Aliases: sim swapping, port-out attack, sim hijacking

SIM-swap is an attack on the user’s phone number, executed through their mobile carrier. With a minimum of personal data (full name, date of birth, last four digits of an ID, “security question” answers) the attacker walks into a carrier store or calls support and convinces them to issue a replacement SIM tied to the attacker’s phone. The victim’s original SIM goes dead immediately.

What the attacker gains

Once the number is theirs, SMS messages and calls land on the attacker’s phone. That gives:

  • SMS-based password resets on any service that uses SMS 2FA.
  • Telegram login by SMS code — the victim’s Telegram account is taken over.
  • Exchange 2FA via SMS — funds can be withdrawn from CEX accounts.
  • Email access through SMS-confirmed password reset on Gmail or similar.
  • Custodial wallet recovery (e.g. the Wallet inside Telegram, which is bound to the Telegram account).

Who is at risk

  • Public crypto influencers — attackers know they hold large balances.
  • Active CEX traders — exchanges often default to SMS 2FA.
  • Users with large balances in the in-Telegram Wallet (TG takeover = wallet takeover unless the seed is backed up separately).

Defence

  • Remove SMS from 2FA wherever possible. Use TOTP apps (Google Authenticator, Authy, 1Password) or hardware keys (YubiKey, Google Titan).
  • Enable Telegram Cloud Password. SMS login alone will not work without that password.
  • Set a port-out lock with the carrier. Many carriers offer in-store-only re-issue with photo ID; ask explicitly.
  • Dedicated “crypto number” for high-value accounts — an eSIM on a separate plan, never published anywhere, used only for 2FA.
  • Non-custodial wallets. SIM-swap does not open Tonkeeper or MyTonWallet — they have no SMS recovery.

If it already happened

Time matters. The first minutes:

  1. Call the carrier immediately and block the new SIM. Some cases can be unwound this way.
  2. Change passwords on exchanges / email / Telegram through an alternative channel (another phone, a laptop where TOTP still works).
  3. Withdraw from any CEX that used SMS 2FA into cold wallets.
  4. File a police report so exchanges can later freeze the attacker’s accounts.

Between the port and the funds being moved, attackers often act in under an hour.

Related terms