The chief executive of a cryptocurrency company is suing T-Mobile for enabling US$8.7 million in crypto to be stolen via SIM-swapping.
The lawsuit against the mobile carrier was filed by Reggie Middleton, the chief executive of Veritaseum.
Mobile cryptocurrency theft
In his lawsuit, Middleton states he was targeted in July 2017 by SIM-swappers. He says he reported the incident to T-Mobile right away, but he alleges T-Mobile did nothing to prevent four other SIM-swapping attacks in 2017. 2018 and 2019 saw additional SIM-swapping attacks against Middleton.
The lawsuit states, “As a result of T-Mobile’s gross negligence in protecting plaintiffs’ information, its negligent hiring and supervision of T-Mobile employees who were responsible for safeguarding that information, and its violation of laws that expressly protect the information of wireless carrier customers, plaintiffs lost $8.7 million in cryptocurrency.”
In addition, Middleton claims he has “suffered and continues to suffer severe anxiety, fear, and emotional distress relating to the repeated instances of identity theft.”
Rise of SIM-swapping
The last few years have seen quite a few cases of SIM-swapping attacks that result in millions in cryptocurrency being stolen. This crime works by a hacker gaining control of the victim’s mobile phone account by getting the service provider to port the victim’s phone number to a SIM card under the hacker’s control.
Hackers use personal information gathered from phishing or other means to convince the service provider that it is dealing with the account’s owner. There are also times when an employee of the mobile service provider was working with the hacker.
The result is that the hacker gains full control of the victim’s account, meaning they now intercept all messages and voice calls, thus allowing them to gain access to the victim’s email, cryptocurrency wallet, and so on.
The profits realized by SIM-swapping can be staggering. Investor Michael Terpin is suing a hacker, Ellis Pinsky, for stealing US$23.8 million [AUS$33.3 million] in crypto. Terpin has filed a civil lawsuit for US$71.4 million [AUS$99.9 million].
Pinsky allegedly told an informant that he had US$100 million [AUS$140 million] stashed offshore. Pinsky is only 18 years of age.
Last year, a hacker was sentenced to 10 years in federal prison for his SIM-swapping attacks. Joel Ortiz, age 21 at the time, pleased guilty to 10 felony theft charges for stealing US$7.5 million [AUS$10.5 million] in cryptocurrency from 40 people.