In my country employees working for the service providers, work with syndicates to social engineer Sim swaps. The one moment your phone is working, and then the phone freeze. You reboot and then your Sim card is cloned and swapped. Many people here link their phone to online banking, so this is the main reason why they are doing this. Everyone just need to remember that this is not Bitcoin's fault, but a failure on a third party service using Bitcoin.
The false assumption that 2FA provides very great security or is impenetrable is a myth that is going on among people which have limited technical knowledge (especially in the Security branch). This includes the majority of the posters in this forum, and almost all of the posters in this thread. There are plenty of different types of penetration for social attacks, e.g. spear phishing is very effective when used among a big number of employees of a certain company.
Man this is very scary. The fact they got the phone number can effectively reset all the passwords. Otherwise in 2FA they need to lnow both the passwords and the SMS code in order to enter the account. So only getting the phone would not be enough.
You will likely be able to trick most services to reset the password if you had a lot of personal information + the phone number used on the account.