In an age where digital transactions dominate, financial security is more critical than ever. One Wealthsimple user recently learned this the hard way after waking up to a shocking discovery — nearly $5,000 had vanished from his account. The cause? Cyber fraud.
The investor, a member of the r/Wealthsimple forum on Reddit, described how their crypto assets were sold, converted into cash and transferred out of their account — all without their authorization. Alerted by a confirmation email, u/amseghir took quick action and contacted Wealthsimple’s fraud department; he also took to the Reddit forum r/Wealthsimple.
His tale sparked immediate concern, as other investors recounted similar experiences of unauthorized transactions and potential security breaches.
Not the only SIM swap cyber fraud victim
But u/amseghi’s case is far from unique. A Toronto-area couple lost more than $140,000 in a devastating SIM swap scam that gave fraudsters access to their stock trading and cryptocurrency accounts.
Wayne and Diana Stork had no idea their phone number had been hijacked until Wayne’s device went into “SOS mode,” leaving him locked out while hackers drained their savings. By the time their mobile provider, Freedom Mobile, recognized the fraud, the couple had already lost a significant portion of their retirement funds.
These cases underscore a chilling reality — cybercriminals are becoming more sophisticated, and even well-prepared investors are at risk. As more people turn to digital banking and investment platforms, understanding how these scams operate and how to safeguard personal finances has never been more urgent.
Road to financial loss
Despite having two-factor authentication (2FA) enabled, cybercriminals managed to gain access to u/amseghir’s account, leaving the Wealthsimple client scrambling for answers.
In the Reddit thread discussing the incident, several users speculated about the potential causes:
- Phishing scams: The victim recalled clicking on a social media ad for "Wealthsimple Rewards," which they believe may have been a fraudulent link leading to a fake login page.
- Weak 2FA security measures: While the user had 2FA enabled, some forum members pointed out that SMS-based 2FA can be easily intercepted or bypassed.
- Third-party data leaks: Others suggested that the victim may have reused passwords or had their credentials compromised through another service.
One commenter noted that even strong security measures can fail if a hacker gains access to a user’s email, where 2FA codes are often sent.
Financial fraud digs deep into Canadian pocketbooks
According to the Canadian Anti-Fraud Centre (CAFC), Canadians lost over $554 million due to fraud in 2023. Investment fraud was particularly significant, accounting for approximately $309.4 million of these losses.
Cryptocurrency fraud is one of the fastest-growing trends. In 2023, such scams had a high median dollar loss of $9,365, with 82.6% of those targetted reporting financial losses.
Cautionary tale for investors
The original post, along with subsequent comments, highlights the need for thorough due diligence before trusting financial transactions.
While the original poster did implement all standard security measures, it wasn’t enough to prevent financial fraud. The incident — along with similar examples shared in the comments — underscores an uncomfortable reality: Even those who take precautions can still fall victim to scams.
It’s not just Wealthsimple clients who need to be concerned. According to research from cybersecurity firms, SMS-based 2FA can be compromised in up to 90% of attacks through SIM-swapping and phishing schemes. The Federal Bureau of Investigation (FBI) reported a significant increase in SIM-swapping incidents, with 1,611 complaints and adjusted losses exceeding USD$68 million in 2021, alone.
These vulnerabilities have led security experts to recommend more secure alternatives, such as hardware security keys or authenticator apps, to enhance account protection.
How Wealthsimple clients can protect themselves
Many Reddit users shared their own experiences and offered critical advice to help others avoid similar losses:
- Avoid clicking on ads or unverified links: Multiple users reported seeing fraudulent Wealthsimple ads on social media. If an offer seems too good to be true, it probably is.
- Use a hardware security key: A YubiKey or other physical 2FA device is much harder for hackers to compromise than SMS or email authentication.
- Separate email accounts for banking: Some recommend creating a dedicated email solely for banking, reducing the risk of exposure from phishing or password leaks.
- Enable strong password practices: Using a password manager to generate and store unique passwords can help prevent unauthorized access.
- Monitor account activity: Regularly checking account activity and setting up instant notifications for transactions can help detect fraud early.
Will Wealthsimple reimburse the loss?
One of the biggest unanswered questions is whether the victim will be reimbursed or not.
Initially, the client was hopeful that CDIC protection would cover the financial loss, but CDIC insurance doesn’t protect against fraud (just theft and bankruptcy).
That doesn’t mean the original poster is stuck eating the loss. According to commenters and other forum members, Wealthsimple appears to voluntarily reimburse losses for some clients, while others said they were left waiting for weeks with no resolution.
To increase the odds of recovering the stolen funds, u/amseghir filed reports with the RCMP and the Vancouver Police Department. Given the fraudster used the Wealthsimple Cash Account, u/amseghir is hopeful the police will track the fraudulent transaction. Whether the funds will be recovered remains uncertain.
Final thoughts: A lesson in digital vigilance
This apparent fraud case serves as a stark reminder that financial platforms are not immune to cyber threats. Just as classic car buyers must verify a vehicle’s history before purchasing, investors need to take proactive steps to protect their digital wealth.
While fintech companies like Wealthsimple offer convenience and innovation, they also introduce new security risks. The key takeaway? Never assume your money is fully protected — stay vigilant, question unusual activity, and strengthen your account security wherever possible.
For those who use Wealthsimple or any other online financial service, now is the time to review your security measures before it’s too late.
Sources
1. Reddit: I’ve been scammed (Feb 2, 2025)
2. Global News: ‘A nightmare’: SIM card swap scam hits Toronto-area couple for more than $140,000 (March 21, 2024)
3. Anti Fraud Centre: Warning on crypto and romance frauds (May 28, 2024)
4. Better Business Bureau: BBB Scam Tracker: Canada Risk Report (2023)
5. FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public (Feb 8, 2022)
This article Wealthsimple client falls victim to fraud as almost $5,000 in crypto is sold and withdrawn from his account — what investors need to know to protect their assets originally appeared on Money.ca
This article provides information only and should not be construed as advice. It is provided without warranty of any kind.
