Hacker News
by Robotbeat 1561 days ago
Well… it’s not necessarily a good idea to do 2FA with SMS. Additionally, the codes sent by SMS are usually very time-sensitive, like 5 minutes.

And it means someone has to have compromised both your computer and your SMS in order to defeat the 2FA. Which doesn’t make it impossible. But it’s not trivial to coordinate those things.

1 comments

But, to add, SIM swap attacks are a known issue and anything of value becomes a target. The main issue is that retail employees in 'authorized reseller' locations are allowed to make changes to accounts with the PIN of the account holder, but that is often easy to guess or is easy to figure out by anyone that does enough digging into someone's life.

https://www.cnn.com/2020/03/13/tech/sim-hack-million-dollars...

https://youtu.be/caVEiitI2vg?t=145 (tl;dr: he got cold called to set up 'extra security', gave the attacker a PIN number, and the attacker used that to impersonate them within a T-Mobile store and swap the SIM card from the phone into a new phone, thus receiving SMS 2FA codes for their accounts).