Content, Breach

Cryptocurrency Investor Sues Alleged SIM Card Hacker for $71 Million

A cryptocurrency investor has accused a teenager of commanding a crew of adolescent hackers into swiping millions from the alleged victim in a SIM swap ruse, according to a lawsuit filed in federal court in New York.

Angel investor Michael Terpin claims Ellis Pinksy at age 15 ran a ring of “evil computer geniuses with sociopathic traits” who “gleefully boasted of their multi-million-dollar heists.” Terpin, who founded BitAngels, an investor network for digital currency startups, and serves as chief executive of a blockchain advisory firm, is suing Pinsky for $71 million, three times damages as allowed under a federal racketeering law, Bloomberg reported. The legal filing describes Pinsky as, "on the surface... an 'all American boy' lives a suburban life with a doting mother who is a prominent doctor."

How Do SIM Card Swapper Hacker Attacks Work?

In a SIM (Subscriber Identification Module technology that authenticates a mobile phone subscriber) card dodge, a hacker convinces a service provider to port the legitimate user’s SIM card to a device used by the cyber robber. SIM swappers use hijacked phone numbers to hack personal information of victims, such as online Bitcoin wallets. Terpin claims that Pinsky’s crew edged into his phone in a SIM swap that enabled them to intercept his messages and gain information to lift from him millions in cryptocurrency.

SIM swap hacks allow cyber fraudsters to bypass two-factor authentication cybersecurity that MSPs and MSSPs increasingly embrace to lock-down their internal and customers’ systems.

According to Terpin, Pinsky claimed to have stolen more than $100 million in cryptocurrency and converted large sums into cash. When confronted by Terpin about his role in the con, Pinsky allegedly coughed up some cryptocurrency, cash and other items of value, which Terpin took as an admission of guilt, reports said.

Additional SIM Card Cybersecurity Lawsuits

In 2018, Terpin gained some notoriety by bringing a high-profile $224 million lawsuit levied at telecom giant AT&T for failing to protect him in the Pinsky SIM swap scheme. Terpin filed the case in U.S. District Court in Los Angeles last summer, claiming that “AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its privacy policy,” resulted in the theft from his account. In February, a federal judge allowed most of Terpin’s claims to go forward, possibly setting a precedent that carriers can be held liable when they permit their customer data to be hacked.

Early in 2019, Terpin chalked up a $76 million default judgment in a similar, civil case against Nicholas Truglia, who snookered him out of millions in bitcoin. Truglia was among a group of SIM swappers apprehended for stealing the phone numbers of at least 40 victims. One crook, Jose Ortiz, was sentenced to 10 years in prison and is said to be the first person convicted of a SIM swapping crime. Terpin claims Pinsky was aided by Truglia.

In a somewhat similar case, a Seattle-based angel investor sued a cryptocurrency exchange late last year, claiming he was fleeced in a high-stakes SIM swap grift that netted the crooks 100 bitcoin worth roughly $1 million. Greg Bennett, the angel investor, sued Bittrex, the cryptocurrency exchange, in King County (Washington) Superior Court, claiming that Bittrex could have but didn’t stop the April 15, 2019 SIM attack on his account because it didn’t adhere to the exchange’s own security protocols or accepted industry standards.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.