Manipulation of SS7 to redirect 2FA messages, taking over WhatsApp/Signal numbers, etc. is a thing that can happen. I imagine that it’d be possible to reduce the likelihood of this happening if you have a second number on your plan that forbids roaming, maybe has additional restrictions too, and attempts to do things that are not expected could raise an alert to the user.
The use of in-app SMS delivery rather than delivery via the mobile network would also allow you to get at messages from an iPad, which otherwise cannot receive SMS.
SMS could be delivered in-app rather than via the phone network, and perhaps later you could get voicemail for it too for those things that talk verification numbers at you.