SIM Swapping: How Hackers Stole Millions Worth of Crypto Via Victim's Telecoms Operator

Udgivet den by Cointele | Udgivet den

On Aug. 15, American investor Michael Terpin filed a $224 million lawsuit against AT&T. He believes that the telecoms giant had provided hackers with access to his phone number, which led to a major crypto heist.

"What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner," the complaint states, arguing that Terpin fell victim to a SIM swap fraud, also known as SIM hijacking or a "Port out scam."

SIM swapping is a process of leading a telecoms provider like, say, T-Mobile transferring the target's phone number to a SIM card held by the attacker.

AT&T reportedly cut off access to the hackers only after they managed to steal "Substantial funds" from Terpin.

"AT&T further told Mr. Terpin that the implementation of the increased security measures would prevent Mr. Terpin's number from being moved to another phone without Mr. Terpin's explicit permission, because no one other than Mr. Terpin and his wife would know the secret code."

"As AT&T later admitted, an employee in an AT&T store in Norwich, Connecticut ported over Mr. Terpin's wireless number to an imposter in violation of AT&T's commitments and promises, including the higher security that it had supposedly placed on Mr. Terpin's account after the June 11, 2017 hack that had supposedly been implemented to prevent precisely such fraud."

This time the thieves allegedly stole about $24 million worth of cryptocurrency, even though he tried to contact AT&T "Instantly" after his phone stopped working.

AT&T allegedly "Ignored" his request, leaving the hackers enough time to get enough information about Terpin's crypto accounts to move his funds to their own accounts.

The plaintiff complaint argues that Terpin's wife also tried calling AT&T at the time, but was put on "Endless hold" when she asked to be connected to AT&T's fraud department.

"AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective. AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care."

x