Sean Coonce:

I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. It has been four days since the incident and I’m gutted. I have zero appetite; my sleep is restless; I am awash in feelings of anxiety, remorse, and embarrassment.

And:

The ability to port your SIM card to another device is a service that mobile carriers provide to their customers. It allows a customer to request their phone number be transferred to a new device. In most cases, this is a perfectly legitimate request; this happens when we upgrade to a new phone, switch mobile carries, etc.

And:

A “SIM port attack”, however, is a malicious port performed by an unauthorized source — the attacker. The attacker ports your SIM card to a phone that they control. The attacker then initiates the password reset flow on your email account. A verification code is sent from your email provider to your phone number — which is intercepted by the attacker, as they now control your SIM card.

Part of the issue was the author’s investment in crypto-currency, making his loss irreversible. But this goes beyond that. The loss could just as easily have been via his bank account, or currency transfer mechanisms. Pretty riveting read.