Most virtual currency owners don't create their own digital wallets but instead store their funds with a digital exchange company. These services are comparatively newer than banks, which have had more time to create and refine default security measures for their customers. In the worst case, a bank can usually reverse malicious transactions if it or the customer detects them within a few days. But virtual currency hubs don't have that type of capability. Cody Brown, a virtual reality developer who lost $8,000 from his account when an attacker stole his mobile number, reflects on this state of affairs:
"My iPad restarted, my phone restarted and my computer restarted, and that’s when I got the cold sweat and was like, 'O.K., this is really serious.'"
Brown and others like him also feel that mobile service providers should do more to protect customers against phone hijackers. Users can create a PIN for their accounts. But if and when an attacker calls, it's up to the in-call agent to ask for it. And not everyone always does.
"[The digital exchange company I used] looks like a bank, stores millions of dollars like a bank, but you don’t realize how weak its default protections are until you are robbed of thousands of dollars in minutes."
Acknowledging these types of attacks, virtual currency owners should think twice before attaching their mobile numbers to their digital exchange accounts (if they own one). They and web users more generally should also consider switching to a means of two-step verification (2SV) that doesn't involve use of a mobile phone number. Finally, if they think an identity thief has stolen access to any of their accounts or sensitive information, they should file a report with the FTC and follow these recovery steps.
"While we work diligently to ensure customer accounts remain secure, on occasion there are instances where automated processes or human performance falls short. We strive to correct these issues quickly and look for additional ways to improve security."