Investor Michael Terpin lost 24 million dollars in a SIM swap in 2018. He wasn't an outlier. SIM swap attacks have been a leading vector for crypto theft for years, and they've kept working because the underlying weakness (phone numbers as identity) is something carriers and platforms have been slow to fix. The good news is that the defenses are well-understood. The better news is that the funds you hold in self-custody on a hardware wallet are immune to this attack vector entirely. This piece walks through what a SIM swap is, the specific way it drains crypto accounts, the defenses that work, and why the structural answer for serious holders is moving custody off any system that depends on a phone number.
A SIM swap (also called SIM porting or SIM jacking) is when an attacker convinces a phone carrier to transfer the victim's phone number to a SIM card the attacker controls. From that moment on, the victim's calls and texts route to the attacker's phone. The victim's phone shows "no service." The attack mechanics vary. Sometimes the attacker calls the carrier and social-engineers a customer service representative into making the transfer using publicly available personal information. Sometimes the attacker bribes or coerces a carrier employee directly. Sometimes the attack uses stolen credentials to log into the carrier's online portal and request the transfer. Once the number is on the attacker's SIM, the attacker uses it to receive SMS-based two-factor authentication codes and SMS-based password resets for the victim's accounts. Email accounts secured by SMS get compromised. Exchange accounts secured by SMS-2FA get drained. Anything that depends on the victim's phone number for identity verification becomes the attacker's. The whole sequence can take less than an hour from porting to first withdrawal.
Three reasons crypto attracts SIM-swap attention specifically. Irreversibility. Once an attacker drains a wallet, the funds are gone. There's no chargeback, no fraud reversal, no bank to call. The blockchain doesn't care that the signature was authorized by a hijacked phone. Account concentration. Many crypto users keep their entire position on a single exchange account secured by an email login and SMS 2FA. One successful SIM swap unlocks the whole position. Public attack surface. Crypto holders often discuss holdings on public social media, blog about trades, or are otherwise identifiable as high-value targets. The combination of public information and irreversibility makes the ROI on a SIM swap attack better against a crypto holder than against a typical bank customer. Known incidents have moved many millions of dollars. Michael Terpin's case ($24 million stolen after a SIM-swap of his phone number) was one of the largest publicly documented. The actual count of SIM-swap-driven crypto losses is much larger, since most cases don't make headlines.
A SIM swap doesn't break cryptography. It breaks identity. What it compromises: - Exchange accounts secured by SMS 2FA (Coinbase, Kraken, Binance, others all allow SMS 2FA to varying degrees) - Email accounts with SMS-based password reset (Gmail, Yahoo, Outlook in some configurations) - Custodial wallet apps that send verification codes via SMS - Any account that uses phone-number-as-identity for recovery - Two-factor authenticator apps if the recovery is via SMS or email
What it does NOT compromise: - Self-custody wallets that don't depend on a phone number for signing - Hardware wallets that require physical confirmation - Authenticator apps secured by passkey or biometric (without SMS recovery) - Hardware security keys (YubiKey, Titan)
The asymmetry is the key insight. SIM swap is devastating against accounts that depend on phone-number identity. It's irrelevant against accounts that don't.
A serious SIM swap defense has three layers. Layer 1: Remove SMS 2FA from anything important. Move every important account to an authenticator app (Authy, Google Authenticator, Aegis on Android, Raivo on iOS) or to a hardware security key. SMS 2FA is broken in 2026 the same way it was broken in 2018; the only thing that's changed is more carrier rules, not the underlying vulnerability. Where an account doesn't let you fully disable SMS 2FA (it falls back to SMS even if you set up an authenticator), consider whether that account is worth holding a meaningful balance in. Layer 2: Lock down the carrier account. Most US carriers now offer some form of port-out PIN or account-level lock that requires the PIN to authorize any number transfer. Set this up. Use a PIN you don't use anywhere else. Verify by calling the carrier from a known number that the PIN is on file. For higher-threat-model holders, consider an MVNO carrier with stricter port-out policies (Google Fi, US Mobile, others have published better policies than the major carriers historically). Layer 3: Reduce dependency on accounts that depend on phone numbers. The fewer accounts that route through SMS-based identity, the smaller the SIM swap blast radius. Move your most valuable crypto positions to self-custody. Use email accounts that don't have SMS-based recovery enabled. Maintain a separate, low-profile phone number for accounts that absolutely require one, kept off public profiles. The first two layers reduce the probability and damage of a successful SIM swap. The third layer changes the threat model entirely.
A SIM swap can't drain a wallet whose private key is on a chip the attacker can't reach. Ryder One keeps your private key on an EAL6+ Infineon SLC38 secure element. Every transaction is verified on the device's 1.6-inch AMOLED touchscreen. The physical button is wired directly to the secure element, so no software path can sign without your physical confirmation. The device is NFC-only, with no USB cable, no Bluetooth radio, and no Wi-Fi. An attacker who has hijacked your phone number can do many things. They can drain your exchange account if it's secured by SMS 2FA. They can reset your email password and read your communications. They can socially engineer customer service representatives in your name. They cannot sign a transaction from your hardware wallet. The wallet doesn't trust the phone. It trusts the physical button and the on-device screen. The firmware that runs the secure element is independently audited by Halborn, with the audit report public. This is the structural answer for SIM swap defense. Not "hope my carrier doesn't fall for the scam" but "make sure that even if my carrier does, the funds that matter are outside the blast radius."
Three concrete steps for any crypto holder. Step 1: Set a port-out PIN with your carrier. This is a five-minute call. It's the most useful defensive measure for the smallest amount of effort. Step 2: Move every important 2FA off SMS. Authenticator apps for everything you can; hardware security keys for the highest-value accounts (exchanges, email, password manager). Step 3: Move serious crypto holdings off exchanges. A self-custody hardware wallet is the only configuration where SIM swap is genuinely irrelevant. Everything else is harm reduction. The SIM swap problem isn't going away. Carriers improve their procedures, attackers find new approaches, the cat-and-mouse continues. The structural defense (custody that doesn't depend on a phone number) is the same defense it was in 2018, and it works as well in 2026 as it did then.
SIM swaps work by exploiting the assumption that controlling a phone number proves identity. For crypto holders, that assumption is concentrated in exchange accounts secured by SMS 2FA, which a successful SIM swap turns into the attacker's accounts. The defenses (port-out PIN, authenticator apps, reduced dependency on phone-based identity) reduce the risk. The structural fix (moving crypto into self-custody on a hardware wallet) removes the attack vector entirely for the funds that move there. The phone-based attack surface still matters for everything else; the wallet doesn't.
Put the funds outside the phone's blast radius. Ryder One keeps your keys on an offline secure element, with NFC-only communication and physical-button signing, so a hijacked phone number doesn't reach the wallet. See how it works.
The only crypto wallet you can install on a crowded subway.
Set it up in less than 60 seconds and just tap your phone to send, swap, and recover.
Share: