I have some questions:

1. Is there any carrier provider that allowed you to change your sim card or port to another device via phone call only?
2. If this case happens, can we blame our carrier provider on this or take some legal actions?
and what more tips or advice you can give to avoid this kind of attack.

Tips to avoid this
> Avoid storing your coins or funds for long term in a centralized exchange.
> Avoid using centralized cryptocurrency wallet.
> User hardware wallet or cold wallet.

> Do not use your mobile phone number for SMS 2FA. Instead, use apps like Google Authenticator or Authy to secure your accounts. Cybercriminals are unable to gain access to these apps even if they possess your phone number. Alternatively, you may use hardware 2FA such as YubiKey or Google's Titan Security Key.
> Do not reveal personal identifying information on social media, such as your mobile phone number. Cybercriminals can pick up such information and use them to impersonate you elsewhere.
> You should never announce on social media that you own cryptocurrencies as this would make you a target. Or if you are in a position where everyone already knows you own them, then avoid disclosing personal information including the exchanges or wallets you use.
> Make arrangements with your mobile phone providers to protect your account. This could mean attaching a pin or password to your account and dictating that only users with knowledge of the pin can make changes to the account. Alternatively, you can require such changes to be made in person and disallow them over the phone.

1. Is there any carrier provider that allowed you to change your sim card or port to another device via phone call only?

I avoided downloading files online using my phone to prevent from getting hack, but hackers now are getting smarter.

(This is IMHO based on my experience  though I never did simport but successfully  closed phone numbers and started new number by just a phone call.)

are we, in this thread, talking about sim port attack or a corrupt employee commits a crime?
internal review and investigation will reveal this employee as a perp or an accomplice or simply negligence

I'm not sure how it works in your country, but we have to sign paperwork to request for sim card replacement
if the employee also falsify this paperwork then he's commiting another crime... this no longer a simple sim port attack

you said it yourself, "it is a social engineering attack that tricks your cell phone carrier"
when you talk about corrupt employee and such, you strayed from the discussion about sim port attack

This attack has nothing to do with malware or downloading software. It is a social engineering attack that tricks your cell phone carrier into transferring your service to another phone so the attacker can receive your text messages.