Last night I was the victim of a SIM swap.

It all happened very quickly.

At about 11:58 PM I received a text that a new phone service had been activated on my number with a carrier I don't use. It came with a link to a password-protected (PIN set up when the service was purchased) PDF file that contained the contract for the start of service. I had a friend of mine crack the password to the PDF, which ended up being 13371337 (lol). They filled out the form with bogus info for the name and address.

Password protected start of service form.

At this point my phone number had already been stolen and my phone lost service, being unable to text or make phone calls.

I tried logging into my email account, and the password had been changed. Since my mobile number was linked to my email account, the attacker was now able to use my number to get the code to reset the password. I thought I had removed the phone number from this account but apparently I missed it. At some point last year I anticipated this happening and switched most of my 2FA to Google Authenticator instead of SMS, which ended up saving my ass last night.

At around 1:44 AM I was thankfully able to regain access to my email account by using my backup email address on file which the attacker thankfully hadn't changed, and also provided some other info to my email provider to prove ownership.

At first, nothing seemed out of place until I checked my deleted messages folder and saw password reset requests for three different cryptocurrency exchanges I have held accounts on. Two of these don't hold many funds but the third currently holds a fair amount of my coins. (This is another reason you should keep your coins off of the exchange.)

Time frame was as follows:
11:58 PM: I get a text about service being activated for my phone number, and I lose phone service.
12:08 AM: My email password is reset. I don't notice this for over an hour.
12:09 AM: Coinbase password reset request.
12:13 AM: Kucoin verification code sent to my email.
12:14 AM: Kraken username request sent to email.
12:15 AM: Kraken password reset request sent to email.

As you can see, the entire attack lasted less than 20 minutes, which is terrifying.

Thankfully I had Google Authenticator 2FA set up on all of these accounts so the hackers were not able to gain access and drain my funds. Anyone using SMS verification should switch to Google Authenticator because this is the one thing that kept my coins safe. I still need to recover my phone number and at this point I feel like I should change my number or carrier. My mobile carrier only requires a 4-digit PIN code to log in and make changes, which is probably one of the weak points that allowed this attack to happen.

My information was leaked in the Ledger breach that happened last year and I am positive that this leak is what caused me to be attacked last night. I am sure I am on a list being passed around and some of you might be as well. Please exercise caution, secure your passwords and enable Google Authentication and 2FA on everything you can.

submitted by /u/Vmn551
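
An added example, not part of the original post: a small correlation rule that flags the pattern in the timeline above, where a carrier activation notice or a mailbox password change is followed within minutes by account-recovery mail from several different services. Only the clock times and service names come from the post; the calendar dates, the record layout, and every function and field name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed event records. Times and services follow the post's timeline;
# the dates are placeholders and the (time, source, kind) layout is assumed.
EVENTS = [
    ("2000-01-01 23:58", "carrier",  "service_activated"),
    ("2000-01-02 00:08", "email",    "password_changed"),
    ("2000-01-02 00:09", "coinbase", "password_reset"),
    ("2000-01-02 00:13", "kucoin",   "verification_code"),
    ("2000-01-02 00:14", "kraken",   "username_request"),
    ("2000-01-02 00:15", "kraken",   "password_reset"),
]

# Events that change who controls the phone number or the mailbox.
TRIGGERS = {"service_activated", "password_changed"}
# Mail that a service sends when someone starts account recovery.
RECOVERY_KINDS = {"password_reset", "verification_code", "username_request"}


def parse(events):
    """Turn (time string, source, kind) tuples into a time-sorted list."""
    return sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M"), src, kind)
        for t, src, kind in events
    )


def find_takeover_bursts(events, window=timedelta(minutes=30), min_services=2):
    """One alert per trigger followed, inside `window`, by recovery mail
    from at least `min_services` distinct services."""
    parsed = parse(events)
    alerts = []
    for i, (t0, src0, kind0) in enumerate(parsed):
        if kind0 not in TRIGGERS:
            continue
        services, last = [], t0
        for t, src, kind in parsed[i + 1:]:
            if t - t0 > window:
                break
            if kind in RECOVERY_KINDS:
                if src not in services:
                    services.append(src)
                last = t
        if len(services) >= min_services:
            alerts.append({
                "trigger": f"{src0}:{kind0}",
                "services": services,
                "minutes": int((last - t0).total_seconds() // 60),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_bursts(EVENTS):
        print(alert)
```

A single password reset with no preceding trigger, or a trigger followed by mail from only one service, produces no alert, so routine resets do not fire the rule.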