SIM Swap Detection

SIM swap detection for crypto withdrawals

A crypto withdrawal cannot be reversed once it clears the network. That makes the moment immediately before withdrawal the single highest-value point to check whether the account's phone number has recently changed hands. If an attacker has taken control of the number through a SIM swap, every OTP sent to confirm the withdrawal reaches them, not the account owner. Telebase is launching a real-time SIM swap detection signal built for exactly this check. Early access is open now.

Why exchanges and crypto platforms are a prime SIM swap target

Bank transfers can be recalled or disputed. Card payments can be charged back. A confirmed on-chain withdrawal cannot. That asymmetry is well understood by attackers, which is why account takeover via SIM swap fraud disproportionately targets crypto platforms compared with other financial services. The attacker's entire goal is to reach the withdrawal step before the legitimate owner notices their phone has lost signal.

The pattern is consistent: gather enough personal detail on the victim to convince their mobile operator to port the number, wait for or trigger a login, then move straight to withdrawal or a change of withdrawal address. The window between the swap and the cash-out attempt is generally short, which is what makes a check at the point of withdrawal so much more valuable than a check only at account opening.

Where to check for a SIM swap in the withdrawal flow

Immediately before the withdrawal OTP is sent

This is the single most important point. If a swap has occurred recently, suppress the standard OTP and route the withdrawal through a harder verification path, for example a call back to a previously verified number or a delay with manual review, rather than proceeding as normal.

Before adding or changing a withdrawal address

Attackers frequently add a new withdrawal address as the first move after taking control of an account, ahead of the actual cash-out. A swap check at this step catches the setup stage of the attack, not just the final transfer.

Before disabling two-factor authentication or changing account recovery details

Loosening account security is itself a high-value action worth gating on a recent swap check, since it is often the step that precedes both address changes and withdrawal.

A detected swap is not proof of fraud by itself. Customers do change phones and SIMs for entirely ordinary reasons. The proportionate response is step-up verification at the withdrawal step, not an automatic block, unless other signals in the session point the same way. See interpreting SIM swap age for risk decisions for how recency should shape that decision, and how to check for a SIM swap before sending an OTP for the integration pattern.

Signals available today

Live in every response

SIM swap detection is launching. Early access is open now.

Telebase is completing carrier registration for the simSwap signal in GB, DE, NL and FR. It is not yet queryable in those markets today. If you want to build the withdrawal-gate pattern above and integrate ahead of general availability, get in touch. See the SIM swap detection API or how telecom signals fit into a broader account takeover prevention stack.

$0.03 per query. No contract. No minimum spend. Billed via Paddle.
Request early access