Two-factor authentication is usually viewed as a more secure alternative to regular passwords, or used to enhance traditional password logins. This is because it is under the assumption that no one else has access to your phone where you would receive the one-time activation code to log into an account or verify an action.
However, it isn’t always perfect because like we said, if the attacker has access to your phone or phone number, they can easily intercept the code. This is exactly what a Canadian teen did where they tricked a carrier into handing over access to the victim’s cell phone number through a SIM swap attack.
Basically this is the process where you ask a carrier to send you a replacement SIM card for whatever reason. Usually carriers have to verify you through a series of questions, which means that the teen had access to this information. Upon receiving the new SIM, the teen managed to intercept two-factor authentication codes and logged into the victim’s cryptocurrency account where $36 million worth of crypto was stolen.
Police have since arrested the teen after it was discovered that the stolen crypto was used to buy an online username considered rare in the gaming community, allowing them to identify the culprit and leading to their arrest.