Itβs not as easy as it sounds being a professional gamer. A League of Legends superstar has had $200,000 in cryptocurrency stolen from them β directly from their Coinbase account.
In a YouTube video spotted by Dot Esports, Yiliang βDoubleliftβ Peng describes how he awoke one morning last week to messages from his bank telling him he is overdrawn on his account.
While the exact details of the hack have not been officially confirmed, Peng does have his suspicions.
What happened?
Peng states that around a couple of weeks before the theft, he had experienced some abnormal cellphone coverage which he now believes to have been part of the scammerβs βgenius plan.β
The π of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
The League of Legends star believes that he was a victim of βsim swappingβ β a fraudulent tactic attackers employ to dupe carrier employees into giving them access to the victimβs phone number.
Pengβs mobile provider confirmed the number had been reported as lost or stolen, and could have been transferred.
By obtaining access to Pengβs mobile phone number, the scammer could then gain access to his email and Coinbase accounts. As Coinbase uses mobile phone numbers as part of its two-factor authentication process (2FA), the scammer was not prevented from accessing Pengβs account when challenged.
The scam didnβt end here. The attacker then went on to employ an intricate system of email filters which prevented Peng from realizing the hack was taking place.
Emails that confirmed Coinbase transactions sent to Doubleliftβs inbox were forwarded to a hidden email address β most likely belonging to the scammer. After this, emails were then deleted from Doubleliftβs inbox. It happened so quickly Doublelift never saw any of the suspicious Coinbase activity.
The intricate β and clearly well-planned β heist is another in a string of scams that have seen unwitting victims conned out of their cryptocurrency. Last month, a Finnish millionaire lost $35 million in an illegitimate cryptocurrency investment.
While Doublelift isnβt setting any records for the highest value of assets stolen, it is certainly unnerving that scammers can covertly obtain such large sums. Doublelift remains confident he will get his lost funds back, so it might not all be bad news for the gamer.
Of course you should always use 2FA. But if you ever notice unusual activity on your mobile phone that you use for it, speak to your carrier to make sure your number hasnβt been compromised in a βsim swapβ scam.
Get the TNW newsletter
Get the most important tech news in your inbox each week.