News

Unraveling a $4.5M Canadian SIM Swap Heist

BY Andrew Rossow

October 25, 2023

SIM swap attacks have become one of the biggest mechanisms for high-end digital thefts spanning smartphone after smartphone. 

A SIM, or subscriber identity module, is a small chip that enables us to call, text, and utilize data services on our mobile phones. Since each SIM card has unique identifiers for each particular mobile account, the removal of the card from one mobile device and into another mobile device physically transfers those unique identifiers and mobile services to that new device. 

In the case of a SIM swap attack, a bad actor gains control of the phone number by pretending to be their victim and convincing their mobile carrier (T-Mobile, Verizon, AT&T, etc.) to port or transfer that number to a different SIM card that is under their possession. 

From there, any two-factor authentication (2FA) protection goes out the window for any accounts associated with that number, where the bad actor now maintains complete control over the phone and its associated accounts (bank accounts, social media, crypto wallets, etc.)

As of August 2023, over 54 SIM swaps targeted people in the crypto space, resulting in over $13.3 million across a four-month period, according to X user and on-chain sleuth, @ZachXBT.   

Meet ‘Yahya’

Enter the tale of the Canadian scam artist, simply known as Yahya, who adds a new chapter to this saga, according to an Oct. 25 X thread from @ZachXBT. 

Yahya’s web of deceit and SIM swap exploits has allegedly seen him abscond with over $4.5 million.

According to @ZachXBT, Yahya had forged a clandestine partnership with Skenkir, another alleged scammer. Their modus operandi? 

Yahya, employing his unique access to certain digital panels, would identify US-based targets. Skenkir, on the other hand, would then execute the SIM swaps, thereby hijacking victims’ accounts. 

Their spoils? Split between them, with Yahya earning a substantial percentage.

A particularly audacious episode occurred in July 2023. Yahya, in association with another known scammer, HZ (who had previously had assets frozen by the FBI), bamboozled an individual named Amir out of $250k or 136 ETH, under the pretense of selling access to his coveted digital panel. The transaction, which took place at 3:04 UTC on July 2nd, was confirmed a mere 16 minutes later.

But here’s where the story takes a turn. Yahya’s digital fingerprints, in the form of a cryptocurrency wallet address from the Amir heist, began to unravel his illicit empire. By inexplicably using this same address for both the panel scam and the SIM swap payoffs, he inadvertently linked all his activities.

The scale is staggering. Over 17 SIM swap attacks have been traced back to this digital den of thieves, with over 390 ETH ($720,000 USD) flowing into Yahya’s coffers.

Prominent victims include a member from @GutterCatGang, who lost over $720,000 in a SIM swap on July 7th. Another prominent crypto voice, @Bitboy_Crypto, suffered a $950,000 loss on June 10th due to a similar exploit. 

A twist in the @Bitboy_Crypto saga, however, is that one of Yahya’s associates, aptly named ‘Smoke’, decided to betray his compatriots, making off with the loot. Further, on June 19th, @SlingshotCrypto was compromised, with losses totaling $36,000.

But perhaps the most heartrending is the attack on @PleasrDAO’s team member Jamis, who is still recovering from a severe brain injury. The July 19th breach led to a staggering $1.3 million in losses.

As for Yahya? He seems to be living the high life, splurging on luxury watches and unreleased tracks from the late Juice WRLD. When pressed on his dubious gains, Yahya appeared nonchalant, stating, “Like bro, it’s a lot of money they’re offering just for lookups.”

It remains to be seen how this modern-day digital pirate saga will conclude, but one thing is clear: the tech underworld is more alive and treacherous than ever.

Editor’s note: This article was written by an nft now staff member in collaboration with OpenAI’s GPT-4.

Dive Deep

Features & Guides