Crypto Losses from SIM Swaps: Carrier Liability FAQ

SIM-swap attacks are now one of the most common ways hackers gain illicit access to cryptocurrency accounts. Criminals convince a mobile carrier to reassign a victim’s phone number to a different device, intercept SMS authentication codes, reset passwords, and quickly drain funds. Because crypto transactions are instant, irreversible, and borderless, victims often suffer devastating losses within minutes.

A critical — but frequently misunderstood — issue is whether U.S. mobile carriers are legally responsible when unauthorized access to crypto accounts begins with the compromise of a phone number.

This FAQ explains what AT&T, Verizon, and T-Mobile say about liability, how their contracts are structured, and what crypto users and victims need to know.

1. Are U.S. wireless carriers responsible if a hacker uses my phone number to steal my cryptocurrency?

No. All three major U.S. mobile carriers have adopted contractual language that disclaims liability when a phone number is used — even without permission — to authenticate access to cryptocurrency accounts.

2. What do the agreements specifically say about cryptocurrency-related losses?

AT&T — Direct Disclaimer

“AT&T is not responsible for losses incurred as a result of your or a third-party’s use of your AT&T wireless number […] as a source of authentication or verification in connection with any […] financial, cryptocurrency or other account.”

“There is no security or protection guarantee against unauthorized access […]”

Verizon — Direct Disclaimer

“Disallowed damages include those arising out of […] unauthorized access […] or the use of your account or device by others to authenticate, access or make changes to a third-party account, such as a […] cryptocurrency account, including […] transferring or withdrawing funds.”

T-Mobile — Direct Disclaimer

“We are not liable for damages arising out of […] the use of your account […] to authenticate, access, use, or make changes to any third-party accounts, including financial, cryptocurrency, and social media accounts.”

3. What is a SIM-swap attack and how does it work?

A SIM-swap (also known as SIM hijacking, port-out fraud, or mobile identity takeover) occurs when a fraudster:

1. Poses as the victim with the carrier
2. Requests a number transfer to a new SIM
3. Gains control of SMS & calls
4. Uses SMS-based authentication to reset login credentials
5. Transfers cryptocurrency out of accounts

This can occur via carrier error, weak identity verification, social engineering, or insider misconduct.

4. Why do hackers target cryptocurrency users?

Because:

• Crypto transfers cannot be reversed
• Platforms often rely on SMS 2FA
• Balances may be large and liquid
• Attackers can act globally and anonymously
• Traditional fraud filters don’t apply to blockchain settlement

5. Why is SMS-based security considered unsafe?

SMS was designed for communication, not security. It is vulnerable to:

• SIM-swap fraud
• SS7 network vulnerabilities
• Phishing and spoofing
• Social engineering
• Device cloning
• Malware-enabled message interception

Even the U.S. National Institute of Standards and Technology (NIST) recommends against SMS-based authentication for high-value accounts.

6. Do the carriers guarantee account or identity security?

No, they do not.

AT&T:

“There is no security or protection guarantee against unauthorized access […]”

T-Mobile:

“We do not guarantee that your communications will be private or secure […]”

This means a phone number is not legally considered a security device.

7. What types of damages do carriers exclude?

Most carriers exclude:

• Indirect damages
• Consequential damages
• Punitive damages
• Loss of profits or opportunities
• Financial and asset-withdrawal losses

Example (T-Mobile):

“Neither of us will seek any indirect, incidental, special, consequential, treble, or punitive damages […]”

Crypto losses generally fall into these excluded categories.

8. Can I sue the carrier in court for negligence?

Typically no — carriers require private arbitration, not public litigation, and prohibit class actions.

T-Mobile:

“ALL CLAIMS […] WILL BE RESOLVED BY INDIVIDUAL BINDING ARBITRATION […]”

This means:

• No jury
• No courtroom
• No public record
• No mass filings

9. Can I join a class-action if many people were affected?

No — the agreements prohibit it.

T-Mobile:

“ANY PROCEEDINGS […] WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS, REPRESENTATIVE, MASS, OR CONSOLIDATED ACTION.”

10. Does the carrier language completely eliminate legal options for victims?

Not necessarily.
Liability waivers do not protect carriers where claims involve:

• Gross negligence
• Policy violations
• Failure to follow authentication protocols
• Insider involvement / employee misconduct
• Misrepresentation or deceptive conduct
• State or federal privacy law violations
• Failure to detect or act on fraud indicators

These cases are fact-specific — evidence matters.

11. What evidence should victims immediately preserve?

• SMS, email, and account-alert logs
• Timeline of service interruption
• Carrier customer-service transcripts
• Employee names or agent IDs
• IP addresses and device-log entries
• Blockchain transaction IDs
• Ticket and complaint numbers
• Screenshots of all actions and communications

Digital forensics and timeline clarity are critical.

12. How can victims protect themselves going forward?

Use strong authentication (hardware key or authenticator app), avoid using your phone number for security or recovery on important accounts, move digital assets to secure wallets (especially hardware or multi-sig), and ask your carrier to enable all available security features, including port-freeze, SIM-swap lock, and unique passcodes. Treat your phone number as vulnerable, not as a security tool.

13. What actions can carriers take that increase liability risk?

• Approving SIM changes without proper ID
• Ignoring documented fraud warnings
• Allowing remote changes despite account flags
• Failing to escalate suspicious requests
• Failing to follow industry-standard authentication

14. What issues may be relevant when evaluating a SIM-swap case?

Every situation is fact-specific, and different details can influence how a dispute may be viewed or analyzed.

Examples of potentially relevant issues may include how the SIM change was approved, what verification steps were used at that time, whether there were any prior fraud warnings or security flags, whether internal policies were followed, whether the account had additional security features enabled, whether the customer contacted the carrier promptly after detecting unauthorized access, and whether there are available records (such as timestamps, chat transcripts, call logs, agent notes, and notifications) that can establish what occurred and when.

Documentation, clarity of events, and available evidence often play an important role in understanding these incidents.

15. When should a victim contact an attorney?

Early engagement can help ensure that communications, documentation, and timeline records are properly maintained and organized, and that any necessary steps are taken in an appropriate sequence. For that reason, many individuals choose to contact an attorney as soon as they become aware of unusual account activity or a potential SIM-swap event.

Contact Us

When a Verizon SIM-swap leads to unauthorized access and loss of cryptocurrency, timely and strategic action is critical.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457 9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.