Hackers are able to steal money from electronic wallets, using the vulnerability of mobile networks. This is stated in a study of the company Positive Technologies.

According to the experiments of Positive Technologies engineers, criminals can set the e-mail address of the holder of any purse on the largest crypto-exchange, having intercepted a text message with a one-time code. Then, attackers change their passwords from the mail associated with the wallet and gain access to funds.

This type of cyberattack is possible because of the lack of the SS7 signaling system. It was developed in 1975, and is still used by most telephone networks of the world. In the spring of 2017, the first abductions of money through the breach SS7 were committed in Germany. Hackers received passwords of mobile banking users sent by the cellular operator Telefonica Germany.

Video from experts Positive Technologies explains how the hacking technique works.

Because of SS7 vulnerability, the victim may not be aware of the attack and not be able to cancel the transaction. But mobile operators argue that the rejection of SMS-sending of one-time passwords is impossible yet. This is the most user-friendly two-factor identification system: it only remains to change the passwords for mail and applications, coming up with ever more complex combinations.

Holders of crypto currency can protect themselves using exchanges for exchange, but not for storing funds, as in a classic bank. Return stolen virtual money is still impossible, and because of the semi-legal status of any crypto-exchange can suddenly go offline and not return.