SIM Swapping: How Hackers Stole Millions Worth of Crypto Via Victims Cell Phone Provider

Crypto News | Latest News

On Aug. 15, American investor Michael Terpin filed a $224 million lawsuit against AT&T. He believes that the telecoms giant had provided hackers with access to his phone number, which led to a major crypto heist.

Michael Terpin is a Puerto Rico-based entrepreneur and CEO of TransformGroup. He is also a co-founder of an angel group for Bitcoin (BTC) investors named BitAngels and of a digital currency fund, the BitAngels DApps Fund.

Terpin claims that he lost $24 million worth of cryptocurrencies as a result of two hacks that occured over the course of seven months: The 69-page complaint he filed with California law firm Greenberg Glusker mentions two seperate episodes, dated June 11, 2017 and Jan. 7, 2018. In both cases, as per the document, AT&T, of which Terpin was a longtime subscriber since the 1990s, failed to protect his digital identity.

FREE CRYPTO COIN JUNKY HANDBOOK - 147 page guide covering Crypto Fundamentals, Beginners/Advanced Crypto Trading Strategies, Crypto Mining Techniques, ICO Investment strategies, and so much more.

CRYPTO TRADING STRATEGY GUIDES - Whether You're Day Trading, Swing Trading, Or Just Investing...Our Extensive Guides Will Get You To Where You Want To Be.

Now, Terpin is seeking $200 million in punitive damages and $24 million in compensation from the telecommunications corporation.

SIM swapping scam: What does a telecoms provider have to do with crypto savings?

“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint states, arguing that Terpin fell victim to a SIM swap fraud, also known as SIM hijacking or a “port out scam.”

SIM swapping is a process of leading a telecoms provider like, say, T-Mobile transferring the target’s phone number to a SIM card held by the attacker. Once they receive the phone number, hackers can use it to reset the victims’ passwords and break into their accounts, including accounts on cryptocurrency exchanges.

Occasionally, that allows thieves to bypass even two-factor authentication, as Motherboard writes. According to their investigation, SIM swapping “is relatively easy to pull off and has become widespread,” adding that “cryptocurrency accounts are common targets.”

The tactics employed by criminals to perform such hacks may vary. Sometimes, they trick customer representatives into believing they are the targets and make them hand over their data. However, as per Motherboard, fraudsters often use the so-called “plugs”: telecom company insiders who get paid to do illegal swaps. An anonymous SIM hijacker told the publication:

“Everyone uses them[…] When you tell someone [who works at a telecoms company] they can make money, they do it.”

An anonymous source at Verizon told Motherboard that he had been approached via Reddit, where he was offered bribes in exchange for SIM swaps. Another Verizon employee claimed that the hacker promised that they would make “$100,000 in a few months” if he would cooperate — all he had to do is “either activate the SIM cards for [the hacker] when [he was] at work or give [the attacker his] Employee ID and PIN.”

More related to the Terpin case, Motherboard’s dialogue with an AT&T employee suggested that their system’s design reportedly allows some employees to supersede security features, such as the phone passcode that AT&T requires when porting numbers:

“From there, the passcode can be changed[…] With a fresh passcode, the number can be ported out with no hang ups.”

How was Terpin hacked?

As mentioned above, Terpin was hacked twice: in June 2017 and in January 2018.

First, in the summer of 2017, he found out that his AT&T number had been hacked when his phone suddenly went dead, according to the complaint. He then learned from AT&T that his password had been changed remotely “after 11 attempts in AT&T stores had failed.”

After gaining access to Terpin’s phone, the attackers used his personal information, including calls and text messages, to break into his accounts that use telephone numbers as a means of verification, including his “cryptocurrency accounts” — although it doesn’t specify the type of those accounts. The hackers also reportedly hijacked Terpin’s Skype account to impersonate him and convince one of his clients to send them cryptocurrency.

AT&T reportedly cut off access to the hackers only after they managed to steal “substantial funds” from Terpin. The document also states that after the incident, on June 13, 2017, Terpin met with AT&T representatives to discuss the attack and was promised by AT&T that his account would be moved to a “higher security level” with “special protection,” akin to the ones used by celebrities:

“AT&T further told Mr. Terpin that the implementation of the increased security measures would prevent Mr. Terpin’s number from being moved to another phone without Mr. Terpin’s explicit permission, because no one other than Mr. Terpin and his wife would know the secret code.”

Nevertheless, half a year later, on Saturday, Jan. 7, 2018, Terpin’s phone reportedly turned off again — he got attacked yet another time. The complaint claims that “an employee in an AT&T store cooperated with an imposter committing SIM swap fraud,” despite extra security measures being taken back in June 2017:

“As AT&T later admitted, an employee in an AT&T store in Norwich, Connecticut ported over Mr. Terpin’s wireless number to an imposter in violation of AT&T’s commitments and promises, including the higher security that it had supposedly placed on Mr. Terpin’s account after the June 11, 2017 hack that had supposedly been implemented to prevent precisely such fraud.”

This time the thieves allegedly stole about $24 million worth of cryptocurrency, even though he tried to contact AT&T “instantly” after his phone stopped working. AT&T allegedly “ignored” his request, leaving the hackers enough time to get enough information about Terpin’s crypto accounts to move his funds to their own accounts. The plaintiff complaint argues that Terpin’s wife also tried calling AT&T at the time, but was put on “endless hold” when she asked to be connected to AT&T’s fraud department.

The Terpin case could be a legal precedent for SIM swapping scams

As the complaint sums up, emphasising the potential scale of port out scams:

“AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective. AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care.”

When Gizmodo contacted AT&T for a comment on the story, the company reportedly denied the accusation, stating that they are ready to stand their ground:

“We dispute these allegations and look forward to presenting our case in court.”

Terpin told Gizmodo that such crypto heists are commonly performed by “college kids who go online in these Discord groups.” He also insisted that in his case, the thieves used an AT&T employee:

“The one thing that’s been a link between [the crypto hacks] is that in every case they’ve had an insider[…] [Trading cryptocurrencies] is safe as long as nobody gives out your digital identity.”

He added that he contacted the FBI, Homeland Security and the U.S. Secret Service, and they’ve identified the AT&T employee who allegedly participated in the attack.

Terpin also claimed that he doesn’t give out his phone number anymore, relying on Google Voice instead.

Author: Cryptobonx

Cryptobonx is a Crypto –Currency and Blockchain Enthusiast.He is a believer of transforming complex information into simple, actionable content.

Leave a Comment

[js-disqus]

Latest Crypto News

Goals set by Justin Sun for Tron(trx)in 2019

On the 31st Of May 2018, Tron achieved independence from Ethereum and Launched its own Mainnet with the Intention of being a fully functional Public Blockchain that supports Creation and development of decentralized Apps (dApps)

Read More »

Crypto Regulation Commences in South Africa

The South African government today issued a statement regarding the steps it is taking on cryptocurrency trading by setting up a working group dedicated to regulating blockchain and crypto. Background Before we get into that,

Read More »

Facebook Hiring: 5 Cryptocurrency Positions Open

Something is definitely brewing in Facebook’s newly formed department. Early in May, there was a rumor that Facebook was interested in opening a cryptocurrency department within its headquarters. The advertised positions are: Two Software Engineers

Read More »

Crypto StartUps are Failing

Cryptocurrency start-ups have had a rough year with a huge section of them laying off loads of their workers with the  Bitcoin price crash. Bitcoin has lost around $280 billion of its value this year

Read More »

CNBC Reporting the surge of bitcoin to $100 back in 2013!!

https://www.youtube.com/watch?v=O3XvCbh8pQU reddit Buffer Facebook Twitter FREE CRYPTO COIN JUNKY HANDBOOK – 147 page guide covering Crypto Fundamentals, Beginners/Advanced Crypto Trading Strategies, Crypto Mining Techniques, ICO Investment strategies, and so much more. CRYPTO TRADING STRATEGY GUIDES

Read More »

Sign Up Below!
Airdroppin the Latest Crypto News, Trading Strategies, Tools, & Reviews



Crypto Guides & Tutorials

 Crypto Reviews

Subscribe to Our Social Media Daily Crypto Memes
Follow, Like, and Share Our Memes With The World


SIM Swapping: How Hackers Stole Millions Worth of Crypto Via Victims Cell Phone Provider

Crypto News | Latest News

On Aug. 15, American investor Michael Terpin filed a $224 million lawsuit against AT&T. He believes that the telecoms giant had provided hackers with access to his phone number, which led to a major crypto heist.

Michael Terpin is a Puerto Rico-based entrepreneur and CEO of TransformGroup. He is also a co-founder of an angel group for Bitcoin (BTC) investors named BitAngels and of a digital currency fund, the BitAngels DApps Fund.

Terpin claims that he lost $24 million worth of cryptocurrencies as a result of two hacks that occured over the course of seven months: The 69-page complaint he filed with California law firm Greenberg Glusker mentions two seperate episodes, dated June 11, 2017 and Jan. 7, 2018. In both cases, as per the document, AT&T, of which Terpin was a longtime subscriber since the 1990s, failed to protect his digital identity.

FREE CRYPTO COIN JUNKY HANDBOOK - 147 page guide covering Crypto Fundamentals, Beginners/Advanced Crypto Trading Strategies, Crypto Mining Techniques, ICO Investment strategies, and so much more.

CRYPTO TRADING STRATEGY GUIDES - Whether You're Day Trading, Swing Trading, Or Just Investing...Our Extensive Guides Will Get You To Where You Want To Be.

Now, Terpin is seeking $200 million in punitive damages and $24 million in compensation from the telecommunications corporation.

SIM swapping scam: What does a telecoms provider have to do with crypto savings?

“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint states, arguing that Terpin fell victim to a SIM swap fraud, also known as SIM hijacking or a “port out scam.”

SIM swapping is a process of leading a telecoms provider like, say, T-Mobile transferring the target’s phone number to a SIM card held by the attacker. Once they receive the phone number, hackers can use it to reset the victims’ passwords and break into their accounts, including accounts on cryptocurrency exchanges.

Occasionally, that allows thieves to bypass even two-factor authentication, as Motherboard writes. According to their investigation, SIM swapping “is relatively easy to pull off and has become widespread,” adding that “cryptocurrency accounts are common targets.”

The tactics employed by criminals to perform such hacks may vary. Sometimes, they trick customer representatives into believing they are the targets and make them hand over their data. However, as per Motherboard, fraudsters often use the so-called “plugs”: telecom company insiders who get paid to do illegal swaps. An anonymous SIM hijacker told the publication:

“Everyone uses them[…] When you tell someone [who works at a telecoms company] they can make money, they do it.”

An anonymous source at Verizon told Motherboard that he had been approached via Reddit, where he was offered bribes in exchange for SIM swaps. Another Verizon employee claimed that the hacker promised that they would make “$100,000 in a few months” if he would cooperate — all he had to do is “either activate the SIM cards for [the hacker] when [he was] at work or give [the attacker his] Employee ID and PIN.”

More related to the Terpin case, Motherboard’s dialogue with an AT&T employee suggested that their system’s design reportedly allows some employees to supersede security features, such as the phone passcode that AT&T requires when porting numbers:

“From there, the passcode can be changed[…] With a fresh passcode, the number can be ported out with no hang ups.”

How was Terpin hacked?

As mentioned above, Terpin was hacked twice: in June 2017 and in January 2018.

First, in the summer of 2017, he found out that his AT&T number had been hacked when his phone suddenly went dead, according to the complaint. He then learned from AT&T that his password had been changed remotely “after 11 attempts in AT&T stores had failed.”

After gaining access to Terpin’s phone, the attackers used his personal information, including calls and text messages, to break into his accounts that use telephone numbers as a means of verification, including his “cryptocurrency accounts” — although it doesn’t specify the type of those accounts. The hackers also reportedly hijacked Terpin’s Skype account to impersonate him and convince one of his clients to send them cryptocurrency.

AT&T reportedly cut off access to the hackers only after they managed to steal “substantial funds” from Terpin. The document also states that after the incident, on June 13, 2017, Terpin met with AT&T representatives to discuss the attack and was promised by AT&T that his account would be moved to a “higher security level” with “special protection,” akin to the ones used by celebrities:

“AT&T further told Mr. Terpin that the implementation of the increased security measures would prevent Mr. Terpin’s number from being moved to another phone without Mr. Terpin’s explicit permission, because no one other than Mr. Terpin and his wife would know the secret code.”

Nevertheless, half a year later, on Saturday, Jan. 7, 2018, Terpin’s phone reportedly turned off again — he got attacked yet another time. The complaint claims that “an employee in an AT&T store cooperated with an imposter committing SIM swap fraud,” despite extra security measures being taken back in June 2017:

“As AT&T later admitted, an employee in an AT&T store in Norwich, Connecticut ported over Mr. Terpin’s wireless number to an imposter in violation of AT&T’s commitments and promises, including the higher security that it had supposedly placed on Mr. Terpin’s account after the June 11, 2017 hack that had supposedly been implemented to prevent precisely such fraud.”

This time the thieves allegedly stole about $24 million worth of cryptocurrency, even though he tried to contact AT&T “instantly” after his phone stopped working. AT&T allegedly “ignored” his request, leaving the hackers enough time to get enough information about Terpin’s crypto accounts to move his funds to their own accounts. The plaintiff complaint argues that Terpin’s wife also tried calling AT&T at the time, but was put on “endless hold” when she asked to be connected to AT&T’s fraud department.

The Terpin case could be a legal precedent for SIM swapping scams

As the complaint sums up, emphasising the potential scale of port out scams:

“AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective. AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care.”

When Gizmodo contacted AT&T for a comment on the story, the company reportedly denied the accusation, stating that they are ready to stand their ground:

“We dispute these allegations and look forward to presenting our case in court.”

Terpin told Gizmodo that such crypto heists are commonly performed by “college kids who go online in these Discord groups.” He also insisted that in his case, the thieves used an AT&T employee:

“The one thing that’s been a link between [the crypto hacks] is that in every case they’ve had an insider[…] [Trading cryptocurrencies] is safe as long as nobody gives out your digital identity.”

He added that he contacted the FBI, Homeland Security and the U.S. Secret Service, and they’ve identified the AT&T employee who allegedly participated in the attack.

Terpin also claimed that he doesn’t give out his phone number anymore, relying on Google Voice instead.

Author: Cryptobonx

Cryptobonx is a Crypto –Currency and Blockchain Enthusiast.He is a believer of transforming complex information into simple, actionable content.

Leave a Comment

[js-disqus]

Latest Crypto News

Goals set by Justin Sun for Tron(trx)in 2019

On the 31st Of May 2018, Tron achieved independence from Ethereum and Launched its own Mainnet with the Intention of being a fully functional Public Blockchain that supports Creation and development of decentralized Apps (dApps)

Read More »

Crypto Regulation Commences in South Africa

The South African government today issued a statement regarding the steps it is taking on cryptocurrency trading by setting up a working group dedicated to regulating blockchain and crypto. Background Before we get into that,

Read More »

Facebook Hiring: 5 Cryptocurrency Positions Open

Something is definitely brewing in Facebook’s newly formed department. Early in May, there was a rumor that Facebook was interested in opening a cryptocurrency department within its headquarters. The advertised positions are: Two Software Engineers

Read More »

Crypto StartUps are Failing

Cryptocurrency start-ups have had a rough year with a huge section of them laying off loads of their workers with the  Bitcoin price crash. Bitcoin has lost around $280 billion of its value this year

Read More »

Sign Up Below!
Airdroppin the Latest Crypto News, Trading Strategies, Tools, & Reviews



Crypto Guides & Tutorials

 Crypto Reviews

Subscribe to Our Social Media Daily Crypto Memes
Follow, Like, and Share Our Memes With The World


Pin It on Pinterest

Plus Free Crypto Trading Guides, Tutorials, Latest Crypto News,
and Altcoin Reviews. (Coming Soon: Pro Trading Signals)
SIGNUP FOR YOUR FREE
CRYPTO COIN JUNKY
HANDBOOK
DOWNLOAD NOW
We hate spam as much as you do. Unsubscribe anytime.
Plus Free Crypto Trading Guides, Tutorials,
Latest Crypto News, and Altcoin Reviews
(Coming Soon: Pro Trading Signals)
DOWNLOAD NOW
We hate spam as much as you do. Unsubscribe anytime.
SIGNUP FOR YOUR FREE
CRYPTO COIN JUNKY
HANDBOOK
Plus Free Crypto Trading Guides, Tutorials, Latest Crypto News,
and Altcoin Reviews. (Coming Soon: Pro Trading Signals)
SIGNUP FOR YOUR FREE
CRYPTO COIN JUNKY
HANDBOOK
DOWNLOAD NOW
We hate spam as much as you do. Unsubscribe anytime.
Plus Free Crypto Trading Guides, Tutorials,
Latest Crypto News, and Altcoin Reviews
(Coming Soon: Pro Trading Signals)
DOWNLOAD NOW
We hate spam as much as you do. Unsubscribe anytime.
SIGNUP FOR YOUR FREE
CRYPTO COIN JUNKY
HANDBOOK