It's a familiar scenario.
You forget a password to a website or log in from a new computer, and get locked out of your account. The website or your bank sends a text to confirm it's you. Most of the time it is.
But the person receiving that text could be a hacker. Criminals are using a method known as "SIM swapping" to take over phone number accounts by duping wireless carriers, and in some cases stealing millions of dollars worth of cryptocurrency.
"In online banking, if someone gets into your account there's ways to get the money back," said Kyle Samani, managing partner at crypto hedge fund Multicoin Capital. "In crypto, if hackers get access to your your private keys, they own your money and you're screwed."
This week, a California man sued AT&T for $224 million after hackers used his number to steal $24 million worth of cryptocurrency stored on an online exchange. The plaintiff Michael Terpin accused AT&T of negligence, and likened it to "a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner."
Terpin is hardly the only one to suffer a hack. The total in cryptocurrency lost by individuals hit $1.6 billion at the end of June, according to CoinDesk's 2018 State of Blockchain Report.
In order to stop the trend, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers.