Stopping SIM Swap Attacks Using Web3

The moment that kickstarted 3NUM was a SIM Swap attack on our founder, who instantly recognized what was happening when an unused 2FA app that had been set up for testing, started asking for auth codes he hadn’t requested.

After sprinting to his nearest wireless storefront to stop the fraud, he immediately started thinking about how to prevent this kind of attack from happening to anyone else. Unfortunately, SIM Swaps have become increasingly more common in recent years, due to the attack being trivial to pull off:

• AT&T Sued for $224 Million After Phone Hackers Rob Crypto Investor
• Mobile Firm Employee Charged With Aiding Crypto SIM-Swap Attacks Targeting 19
• California Man Must Pay $61K in Restitution for SIM Swap Scam That Stole One Victim’s Crypto
• Another Bitcoin Investor Sues T-Mobile Over SIM Swap Attack

Just as a few examples…

What is a SIM Swap and Why Does This Problem Persist?

A SIM Swap is a socially engineered attack where a hacker gains access to a victim’s phone number by tricking a mobile carrier into transferring the victim’s number to a SIM card controlled by the hacker. Once the hacker has control of the victim’s phone number, they can use it to gain access to sensitive online apps including email, social media, and more damaging, crypto and banking accounts.

SIM Swaps are trivial to pull off because the current approach for how phone numbers are managed and used is architected with two huge built-in vulnerabilities:

1. Control over a phone number is completely dependent on trusting a telecom employee who can be easily tricked or coerced into simply updating a registry in a database.

2. Phone numbers, and their ability to receive messages, are directly coupled to a SIM.

Regardless of how many “safeguards” a telco provider might put in place to combat this type of mobile fraud, completely stopping SIM Swaps with existing approaches is not possible.

How 3NUM Uses Web3 Tools and Cryptography To End SIM Swaps

To stop SIM Swaps from victimizing users, we need to fundamentally change how numbers are managed, controlled, and used — without the reliance on a centralized counterparty.

This is where the necessity of web3 infrastructure comes in. By transforming a traditional mobile number into an NFT, 3NUM uses smart contracts, cryptography, and the blockchain to establish control of a mobile number. Once a mobile number transitions to a web3 native version, control over said number persists using cryptography, managed by controlling the private key of the wallet that minted the NFT. The blockchain then serves as a trusted ledger for verifying ownership. Once a 3NUM has been created, that number is no longer capable of returning to be a traditional web2 number.

This architectural approach not only transforms how numbers are controlled and managed, by transitioning from centralized reliance to decentralized user control — but it also functions to decouple the mobile number from the networking layer.

Instead of receiving messages directly to a SIM, messages sent to a 3NUM number are sent to the wallet address that owns the 3NUM NFT via an SMS gateway maintained by the 3NUM DAO. This simultaneously provides a seamless upgrade path and backward compatibility with existing mobile communications.

But, as more 3NUM-aware native applications are built, secure encrypted messages will skip the gateway and communicate with each other directly. Check out our “3NUM Technology Explained” article for additional information on how this works.

The elegance of this approach is that it provides the same functionality that’s achieved with a traditional number without any of the risks that come with the threat of being SIM Swapped!

If you want to get a secure web3 mobile number to protect yourself against the ever present risk of being SIM Swapped, get your 3NUM Shield now.