SIM Swap

A SIM swap (also called SIM hijacking) is a social engineering attack where a criminal convinces a mobile carrier to transfer a victim's phone number to a SIM card they control. Once successful, the attacker receives all calls and text messages intended for the victim, including two-factor authentication (2FA) codes. In crypto, SIM swaps have been used to bypass SMS-based 2FA and gain access to exchange accounts, resulting in significant theft. Using app-based 2FA (like Google Authenticator) instead of SMS is the primary defense.