Yiliang “Peter” Peng, best known as Doublelift in the eSports space, had almost $200,000 worth of cryptocurrency stolen from him in a sim-swap hacking incident, the gamer revealed in a September 14, 2018, YouTube video.
Coinbase Account Looted Following a Sim Card Swap
Yiliang “Peter” Peng.
(Source: Dot eSports)
In a September 14 YouTube video, Peng explained that the hackers impersonated him while calling T-Mobile, and managed to prompt the wireless provider to transfer Peng’s current cell phone number to a new sim card. The fairly common practice is called “sim swapping,” and it enables hackers access to any locked account or app that is connected to the original sim card.
After the hackers managed to transfer Peng’s phone number to a new card, they were able to access Peng’s Coinbase account, as well as his two-factor authentication (2FA) codes, thus gaining uninhibited access to all of this funds.
Peng explained that the hackers created a web of email filters designed to keep sensitive emails that might have raised red flags about the hacker’s activity from ever reaching his inbox. He added that even the emails confirming the transactions that came from Coinbase were forwarded to a hidden email address, and subsequently deleted.
A Scam Weeks in the Making
According to Peng’s report, he only became aware of the incident when he received an alert from the bank warning him about overdrawing his account. As Coinbase users have the option to tie their bank accounts to the service to enable quicker cryptocurrency purchases, the thieves were able to quickly empty Peng’s account.
Dot eSports reported that Peng suspected the crook pulled off the number swap weeks before he noticed his account was overdrawn. He believes that it coincides with the time he began to experience serious issues with his cell service. After calling T-Mobile to resolve it, he assumed something goofy had happened and that nothing nefarious was afoot, the report said.
While the hackers were reportedly very thorough in hiding their tracks, Peng said he believes he’ll be able to retrieve the stolen funds, as most banks cover fraudulent withdrawals. According to Dot eSports, an official bank investigation is currently in the works.
However, it seems that the $200,000 worth of cryptocurrency will not be reimbursed by the bank, according to a report from HardOCP.