Coin Stories | “Bitcoiners Kidnapped, Ransom Attacks, and SIM Swaps Stealing Crypto: How to Protect Yourself with Efani’s Mark Kreitzman”

Host: Natalie Brunell
Guest: Mark Kreitzman, GM of Efani
Date: January 28, 2025

Episode Overview

In this riveting episode, Natalie Brunell welcomes back Mark Kreitzman, the General Manager of Efani, to discuss the rising dangers facing Bitcoiners and crypto users. Topics include the explosion of crypto-targeted hacks, SIM swapping attacks, physical kidnappings, and the worrying erosion of data privacy. Mark brings frontline stories and actionable security advice, while unpacking how Efani’s secure mobile service aims to prevent these modern threats.

Key Discussion Points & Insights

1. Surge in Crypto-Targeted Attacks (00:34)

• 2024 saw an unprecedented spike in cyberattacks and crypto theft: over $2 billion was stolen from crypto holders.

• DeFi platforms are prime targets, and SIM swaps remain rampant.

  “There’s been probably six or seven really big DeFi hacks. There's been a lot of SIM swap, a lot of big SIM swap hacks as well.” — Mark Kreitzman [00:46]

• Phishing and malware are on the rise, frequently deceiving even savvy users.

2. Insider Threats, Data Breaches, and Password Manager Vulnerabilities (01:18)

• SIM swaps are often orchestrated by rogue employees inside telecoms; a recent bust involved a carrier employee ring responsible for $25 million in theft:

  “There was a ring of employees that SIM swapped over a thousand people and stole $25 million of crypto.” — Mark Kreitzman [01:20]

• LastPass breach: Ongoing repercussions as hackers drain millions by leveraging old, recycled credentials stored in compromised password managers.

  “If you’re a LastPass customer…they stole somewhere around like four and a half, $5 million in February of this year…as recently as Q4 of 2024, they stole another $5.3 million.” — Mark [02:26]

3. The Death of Data Privacy (03:57)

• Massive databases of personal info are circulating after breaches (e.g., National Data Group: 2.9B records, AT&T: 122M call and SMS records).
• Hackers use AI tools to cross-reference, impersonate, and social engineer targets with alarming accuracy.

  “Now if that information gets loaded into an AI tool…it can have an AI…chat conversation with you…lead you in [to a crypto scam].” — Mark [04:36]

4. Encryption Limitations (05:47)

• Data is often only encrypted in transit, not at rest within breached corporate systems.
• “Plaintext passwords” are still being leaked; everyone should proactively rotate passwords regularly:

  “Everybody should, once or twice a year at minimum, go and change all of your passwords to really everything that you use.” — Mark [07:03]

5. Anatomy of SIM Swap Attacks (07:19)

• Hackers combine breach data, AI social tools, and sometimes even spoofed voices to initiate SIM swaps.

• Example: A CEO was SIM swapped after a hacker used an AI clone of his voice to fool telecom security checks.

  “They spoofed his voice…these tools can scrape our YouTube videos, recreate our voice…passed the AI tool and he lost a lot of money.” — Mark [08:31]

6. About Efani & Their Security Model (11:03)

• Efani resells AT&T and Verizon networks but “unplugs” users from the at-risk carrier API systems.

• Eleven-step manual verification process for every account change, with the option for custom steps (e.g., video calls, passphrases).

• Includes a $5M insurance policy:

  “We provide mobile service and we have a $5 million insurance policy that we're going to do everything to protect from ever having to be used.” — Mark [12:16]

• Strict internal controls: Even top leadership has no direct customer access.

  “Me as the general manager…have zero access into anybody’s account.” — Mark [14:56]

• Regular penetration testing and minimal data retention.

7. Fake Cell Towers & Stingrays (16:42)

• “Stingray” devices, once for law enforcement, are now DIY exploits—can intercept calls, texts, push malware.
• Example: Two individuals in Bangkok sent nearly a million phishing texts in three days by driving a van equipped with a cell tower emulator (18:00).
• At conferences, these devices could be used to target Bitcoiners.

8. Signs of Phishing and Social Engineering (19:49)

• Scammers often impersonate support from trusted companies, ask users to “fix” security issues via links or calls.

  “If you get a call from any exchange…odds are 99.99 that this is going to be some kind of phishing scam.” — Mark [20:29]

• General advice: Never click strange links; major exchanges rarely, if ever, offer live phone support.

9. Multi-Layered Security: Cold Storage, 2FA, and Hardware Keys (23:08)

• Cold storage is non-negotiable for serious Bitcoiners.
• Use authenticator apps rather than SMS 2FA when possible; hardware keys (Yubikey, etc.) are best.
• However, SIM swap + email compromise can still allow hackers to reset some authenticator apps.

  “If you give them enough time…time is on the hacker side…they can get you.” — Mark [25:09]

10. Physical Threats: Kidnapping and Ransom (27:54)

• Crypto holders, especially publicly visible ones, are now targets for physical attacks.

• Example: A friend of Efani’s CEO was abducted and forced to pay $1M in crypto ransom.

  “He got taken out of his basement…they forced him to pay a million dollars in crypto.” — Mark [28:14]

• Don’t advertise cold wallets on your person (e.g., rings, wearables) that might single you out.

Notable Quotes & Memorable Moments

• On why mobile service security is vital:

  “If you lost fifty thousand, a hundred thousand or more…you’re going to find out there’s arbitration clauses now slipped into everybody’s mobile account. You’d be lucky to get 35, 40% back.” — Mark [13:27]

• On inevitable data exposure:

  “Data privacy for US citizens is gone at this point….Our data is out there.” — Mark [03:34]

• On using cold storage:

  “If you’re in Bitcoin or crypto, you got to use cold storage. You just have to learn how to use it.” — Mark [23:25]

• On hackers’ AI voice cloning:

  “So they spoofed his voice…these tools can scrape our YouTube videos, recreate our voice…[and] he lost a lot of money.” — Mark [08:31]

Practical Security Tips from the Episode

• Rotate all passwords at least annually.

• Never store seed phrases in digital (software-based) password managers.

• Never click on links in messages—even if they appear to come from trusted sources.

• Use hardware 2FA keys (like Yubikey) and cold storage wallets.

• At conferences, use a Faraday bag for your phone to avoid cell tower imitations.

  “If I’m going to go to the Bitcoin conference, I’m going to stick my phone in a Faraday bag…” — Mark [22:56]

• Be discreet about crypto wealth—don't wear or display hardware wallets in public.

Timestamps for Major Segments

• [00:34] – Scale and form of crypto hacks in 2024
• [01:18] – Carrier insider SIM swapping rings
• [02:26] – LastPass breach and password hygiene
• [03:34] – Large-scale data breaches and privacy
• [07:19] – Mechanisms and prevention of SIM swaps
• [11:03] – Efani’s approach, verification, and insurance
• [16:42] – Fake cell towers, stingrays, and physical threats
• [19:49] – Identifying phishing and impersonation scams
• [22:08] – Limitations of consumer SIM swap protection
• [23:25] – Best practices: cold storage and authentication
• [27:54] – Kidnappings and physical security for Bitcoiners

Closing Thoughts

Mark reaffirms that while no system is foolproof, proactive, multi-layered security dramatically lowers your risk. The current landscape—where breaches, SIM swaps, and even physical kidnappings are real threats—demands vigilance from every crypto holder.

“We’re huge supporters of crypto, of Bitcoin in particular and we’re fighting for people’s data privacy…We’d love to have you as a…secure mobile customer.” — Mark [30:04]

Connect with Afani: afani.com/natalie
Subscribe to Coin Stories & The News Block Newsletter: thenewsblock.substack.com
For feedback/guest suggestions: info@talkingbitcoin.com

Disclaimer: This summary is for educational purposes only and is not investment advice. Always conduct your own research.