In a growing trend, hackers are hijacking phone numbers as a new way to steal funds from bitcoin and other accounts.

According to a report by Forbes, hackers were able to fake the identity of Colombian man Jered Kenna then subsequently transfer his mobile phone number from T-Mobile to another carrier linked to a Google Voice account to which the hacker had access.

On gaining control, hackers received calls and messages from Kenna’s phone, allowing them to reset the passwords for his email address by having SMS codes sent to the rerouted phone. With this access, the hackers could change the passwords on all Kenna’s accounts, including two banks, two bitcoin wallets, a PayPal account and even his Windows account.

The hacks into the bank account were easily reversible. However, the same was not the case for his bitcoin account. Hackers stole “millions of dollars” of the cryptocurrency. “I was one of the first people to actually do anything in bitcoin and I no longer have any bitcoin to speak of,” Kenna said. “I’ve got, like, 60 coins or something, which is nothing.”

According to the report, the U.S. Federal Trade Commission received 2,658 reports of cases such as these in January 2016, 6.3 percent of all case involving identity theft, up from 1,038 or 3.2 percent for the same period in 2013. Forbes notes that it’s difficult to put an actual figure on the number of hacks targeting digital currencies but notes that bitcoin exchange Coinbase Inc. believes the number will double from November to December among its customers.

“The security weakness being exploited here is not one that only affects cryptocurrency industry players — they are simply being targeted first because such transactions cannot be undone,” the report warned. “The security loophole these hackers are milking can be used against anyone who uses their phone number for security for services as common as Google, iCloud, a plethora of banks, PayPal, Dropbox, Evernote, Facebook, Twitter, and many others.”

This isn’t the first time security issues around using two factor authentication via SMS message has been in the spotlight. The National Institute of Standards and Technology recommended in August that 2fa SMS systems should not be used because of their inherent insecurity.

Image credit: Pixabay/Public Domain CC0