A software engineer from Toronto woke up one morning to find his phone had no signal. Within 20 minutes, his crypto exchange account had been fully liquidated. By the time he reached his mobile carrier, $67,000 in Ethereum and Bitcoin had already left his wallet. The attacker had convinced the carrier’s customer support team to transfer his number to a new SIM, bypassing his two-factor authentication entirely.

Elena Castillo, a crypto tracing specialist at Pay-Recovery.com, was contacted the same morning. SIM swap cases have a narrow intervention window. The attacker’s goal is to move funds quickly before the victim can report the number transfer and regain control. 

Why Two-Factor Authentication Failed Here

Two-factor authentication via SMS is the default security layer on most retail crypto exchanges. SIM swap attacks are specifically designed to defeat that layer. By controlling the victim’s phone number, the attacker receives all verification codes and can reset account passwords without triggering any unusual alerts on the exchange side.

The carrier’s customer support representative had accepted a social engineering script. No additional identity verification had been requested. That procedural failure became a key element of the legal case.

The Elena Castillo Approach

1. On-Chain Tracing: Castillo tracked the drained funds from the exchange withdrawal address through four wallet hops. Two of the destination wallets interacted with a centralized exchange that required identity verification at the account level.
2. Carrier Complaint Filing: Castillo coordinated a formal negligence complaint against the mobile carrier. The carrier had failed to follow its own SIM transfer verification protocol. That failure created a parallel civil liability separate from the fraud itself.
3. Exchange Freeze Request: Formal fraud reports were submitted to both exchanges where the funds had moved, supported by the full forensic transaction map and the carrier’s own incident log confirming the unauthorized SIM transfer.
4. Dual Recovery Track: One exchange cooperated fully and froze the linked account. The carrier, facing a formal negligence complaint, entered settlement discussions within six weeks.

The Result: $61,000 Recovered

$61,000 of the $67,000 was recovered through a combination of the exchange freeze and the carrier’s negligence settlement. The remaining $6,000 had been converted to cash through a peer-to-peer transaction before the freeze was applied.

“Elena was completely calm when I was in a panic. She told me exactly what she needed from me and moved fast on everything else herself.”

Carriers Have Legal Exposure Too

SIM swap victims often focus entirely on the crypto exchange or the attacker. The mobile carrier is frequently the weakest link and carries legal responsibility when its own security procedures are not followed. Pay-Recovery pursues all liable parties simultaneously, not just the most obvious one.