What Is a SIM Swap Attack?

Updated July 13, 2026 5 min read

A phone number feels like a fixed, personal thing, but to a phone carrier it’s just an account setting — one that a convincing enough story can get moved to a completely different device.

The short answer

A SIM swap attack happens when someone tricks or manipulates a mobile carrier into transferring a victim’s phone number to a SIM card the attacker controls, often by impersonating the victim using stolen personal information. Once the number is moved, the attacker starts receiving the victim’s calls and text messages, including one-time verification codes sent by banks, email providers, and crypto platforms. That access can then be used to reset passwords and bypass security checks that rely on text messages as proof of identity.

How the attack is carried out

Most SIM swaps start with information gathering rather than technical hacking. Attackers often collect personal details about a target — a full name, date of birth, address, or answers to common security questions — through data breaches, social media, or phishing attempts. Armed with enough of that information, they contact the victim’s mobile carrier, claim to be the account holder reporting a lost or damaged phone, and request that the number be activated on a new SIM card the attacker possesses. If the carrier’s verification process is convinced, the switch can happen within minutes, and the victim’s phone typically loses service entirely at that moment.

Why crypto accounts are a common target

Text-message codes are still a widely used way to confirm identity for logging in or approving transactions, which makes a hijacked phone number a useful tool for an attacker trying to break into financial accounts generally. Cryptocurrency accounts in particular are an attractive target because transactions, once sent, generally can’t be reversed the way a bank might reverse a fraudulent card charge, and there’s no equivalent of FDIC or SIPC coverage to make a victim whole afterward.

Warning signs it may be happening

A sudden and unexpected loss of cell signal — no calls, texts, or data — when there’s no obvious explanation like a missed bill or a known outage is one of the clearest signs a SIM swap may be underway. Unexpected account notifications, login alerts from unfamiliar devices, or password reset emails arriving in quick succession are other signs worth acting on immediately, since the window between the swap happening and an account being drained can be short.

Reducing the risk

Relying on authentication methods that don’t depend on text messages — such as an authenticator app or a hardware security key — removes the phone number as the weak link for accounts that support those options. Setting a separate PIN or passcode directly with the mobile carrier, one required before any changes to the account, adds a layer of friction that an attacker working from stolen personal details may not be able to clear. For crypto specifically, reducing reliance on any single point of access — whether that’s a phone number, a password, or a single device — limits how much damage one successful attack can do.

The takeaway

A SIM swap attack exploits trust in a phone company’s verification process rather than any weakness in cryptography, which is part of why it remains effective. Recognizing that the phone number itself is the target — not the accounts directly — makes it clearer why moving away from text-based verification, where alternatives exist, meaningfully reduces exposure.