Hackers are targeting cell phone numbers to gain easy access to victims' online accounts — and virtual currency, the New York Times reported.
According to the Times, hackers have increasingly been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim's phone number to a device under the hacker's control. The hacker then resets the passwords on every account that uses the phone number as a security backup.
"My iPad restarted, my phone restarted and my computer restarted, and that's when I got the cold sweat and was like, 'O.K., this is really serious,'" Chris Burniske, a virtual currency investor who lost control of his phone number, told the Times.
According to the Times, within minutes of getting control of Burniske's phone, his attackers had changed the password on his virtual currency wallet and drained the contents of an estimated $150,000.
The Federal Trade Commission reports there were 1,038 phone hijackings in January 2013 and 2,658 three years later, the Times reported. But a concentrated wave has hit those with the most valuable online accounts – virtual currency, the Times reported.
"Everybody I know in the cryptocurrency space has gotten their phone number stolen," Joby Weeks, a Bitcoin entrepreneur, told the Times.
Coinbase, one of the most widely used Bitcoin wallets, has encouraged customers to disconnect their mobile phones from their Coinbase accounts. But some customers who've been hacked say the companies need to take more steps by doing things like delaying transfers from accounts on which the password was recently changed.
"Coinbase looks like a bank, stores millions of dollars like a bank, but you don't realize how weak its default protections are until you are robbed of thousands of dollars in minutes," Cody Brown, a virtual reality developer who was hacked in May, told the Times.
A spokesman for Coinbase said the company "has invested significant resources to build internal tools to help protect our customers against hackers and account takeovers, including compromise through phone porting."