TL;DR: On February 21, 2020, Redditor u/zhoujianfu claimed about $30 million worth of bitcoin cash (BCH) had been hacked from him in an apparent SIM attack. The post linked to an address, insisting the swiped funds “only had 3 confirmations” at that point, and asked “if any miners/the community can help somehow, I’ve got the private keys. Help help help,” u/zhoujianfu implored, “big reward obviously.” The post has since been deleted.

$45,000,000 Worth of BCH & BTC Claimed Stolen in SIM Attack

A Subscriber Identity Module, better known as a SIM card, is ubiquitous in smartphones. SIMs have increasingly become attack vectors through swaps or social engineering of phone service providers, whereby thieves are able to gain valuable personal information.

The ever-dramatic online personality Dovey Wan shouted from the rooftops, insisting “1 single Chinese whale” suffered a SIM attack of some $30 million in BCH and another $15 million in BTC. If true, it would be the largest SIM heist of its kind ever recorded. “I’m talking with top BCH pool owners on this OMFG,” she revealed.

The founder of SlowMist and Joinsec, @evilcos, noted the wallet was probably a Blockchain.com (then dot org) variety, suggesting the victim could be a long-time cryptocurrency enthusiast. @CryptoHerpesCat, claiming real hackers wouldn’t taint withdrawals in such a manner, mused, “Something doesn’t smell right with this BCH and BTC SIM swap hack. As the hacker is splitting up coins, he’s also doing tiny withdrawals from exchanges and re-using the same wallet? This makes no sense.”

Same or Similar Timezone

@UncleDiaz noticed how the apparent “hacked coins were sent to an address that had already been used 17 Feb. The address the coins were sent to first have most of their activity between 23:00-08:00 UTC, which if converted to US West Coast time is 15:00-23:00. So hacker is probably in the same or similar timezone,” he inferred, which seemed to match with u/zhoujianfu’s Reddit posting times.

Speculation further mounted about the victim’s identity. Several sources revealed the potential victim as having links to projects such as Dreamhost, Bitcoinbuilder, and Inktank, and as priding himself on being something of a security expert. Whatever the case, u/zhoujianfu did sign for ownership of the BTC wallet, but not the BCH.

Most analysts believe the stolen coins might find their way to mixers, exchanges, or a combination of both. They also tend to think perhaps too much personal information was provided by the victim over the years, helping potential black hat hackers to form a profile as they lay in wait. Details and specifics on the SIM attack are sketchy, probably due to those now somewhat “known” factors, which may also explain the attempted deletion of the Reddit post.

Miners rolling back the respective chains to recover funds is likely out of the question. When Binance was looted for some 7,000 BTC last year, its CEO toyed with that idea and was promptly shut down. What can happen is that exchanges used by hackers will be alerted, and chain analysis and tracking can often go a long way toward recovering some of the losses. The lesson, if the SIM hack is what the victim claims, is probably to never keep that amount of funds accessible through a phone or hot wallet, to lock SIMs in place, to avoid using phone numbers for 2-factor authentication, and to guard personal information very closely.


DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.