Spanish telecommunications giant Telefónica are working together with decentralized oracle provider Chainlink to to combat SIM swapping.

The companies plan to create new tools blockchain devs can use to guard against hackers authorizing transactions with compromised SIM cards.

The partnership will see Telefónica employ Chainlink's connectivity solution Chainlink Functions to securely connect application programmable interfaces (APIs) on GSMA Open Gateway to the Polygon blockchain network.

GSMA Open Gateway is a framework of APIs that enables developers to access the networks of mobile operators who are members of the Global System for Mobile Communications (GSMA).


The first implementation will use Chainlink Functions in combination with GSMA’s Open Gateway SIM SWAP API to provide additional security for blockchain transactions, allowing smart contracts to query whether a device's SIM card has undergone any unauthorized changes.

What that ultimately means is that if a smart contract receives a response from the API suggesting you've been SIM swapped, then it will refuse to process transactions.

The implementation also "mitigates risk beyond transaction security," according to the announcement, through addressing two-factor authentication (2FA) and fraud detection in Web3 dApps and DeFi services.

The move positions Telefónica as a "Web3 enabler," said the firm's Chief Metaverse Officer Yaiza Rubio in a press release. Chainlink Lab's Chief Business Officer added that the collaboration "extends the ways in which the industry-standard Chainlink platform underpins security across the blockchain ecosystem."


What is SIM swapping?

SIM swapping is a form of social engineering hack in which fraudsters convince a mobile service provider to activate a SIM card they have in their possession, using a victim's phone number—effectively handing control over that phone number to the scammers. The hijacked number can then be used to bypass 2FA based on text messages, enabling them to gain control over the user's online accounts.

This technique is primarily used to gain access to bank and crypto exchange accounts, but it has also been employed to hijack the social media accounts of high-profile individuals and organizations.

Last year, Ethereum co-founder Vitalik Buterin fell victim to a SIM swap attack that saw his Twitter profile taken over and used to promote a fake NFT giveaway in which almost $700,000 was stolen from his followers.

In January, in the run-up to the much-anticipated approval of spot Bitcoin ETFs in the U.S., the Securites and Exchange Commission's (SEC) Twitter account was "compromised" in an apparent SIM swap attack. The hijacked Twitter account was used to publish a fake announcement prematurely claiming that multiple Bitcoin ETFs had been approved, sending the price of Bitcoin on a rollercoaster ride.

The regulator revealed that multi-factor authentication had been disabled on its Twitter account since July 2023, contradicting SEC chair Gary Gensler's own recommendations against identity theft and fraud.

Edited by Stacy Elliott.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.