AFAIK one can do SIM swap attack if the operator has a contact center that can be socially engineered (or legally enforced, in case of nation state attack) to move your subscriber ID to another SIM.
Then the attacker can request a new credential from services that you have registered with your phone number.

Prevention: never do 2FA via SMS