A cryptocurrency investor sues a group of teen hackers over a SIM swap attack carried out in 2018
A teenager and his group of adolescent hackers have been accused of stealing over $24 million in cryptocurrency through a SIM swap attack.
Michael Terpin, founder and CEO of the blockchain advisory firm Transform Group, alleges that a fifteen-year-old Ellis Pinksy and his crew of fellow teen hackers managed to compromise his phone and steal cryptocurrency last 2018.
Terpin is now suing Pinksy, who is now 18 years old, for $71 million under a federal racketeering law that allows for triple damages.
In his complaint, Terpin described Pinksy and his group as “evil computer geniuses with sociopathic traits who heartlessly ruin their innocent victims’ lives and gleefully boast of their multi-million-dollar heists.”
Terpin also stated that Pinksy and his group’s modus is to identify people with cryptocurrency holdings and then proceed to take control of their phones using an illicit SIM swapping attack that redirects authentication messages, gains information, and eventually breaches the victim’s cryptocurrency accounts.
SIM swap attacks are one of the easiest ways for cybercriminals to circumvent a users’ 2-factor authentication. It is orchestrated by the attacker calling the service providers and convincing them to change the victim’s phone number to a number that is controlled by the attackers. Once this is finished, the attacker has full access to their victim’s personal information—they can now change the passwords that have been set and view sensitive data.
Jack Monroe, a well-known activist, and food blogger shared that she also fell victim to a similar heist. Monroe lost over £5,000 or US$6,395 from her bank account due to a SIM swapping attack. Her phone number was seized and re-activated on another SIM card, despite the presence of two-factor authentication.
“It seems my card details and PayPal info were lifted from an online transaction. The phone number was ported to a new SIM, meaning criminals access/bypass authentication and authorize payments.” Monroe explained.
An official report states that the hackers orchestrating Monroe’s SIM swap goes by the name Chuckle Squad.
Twitter CEO and co-founder, Jack Dorsey, has also fallen victim to a SIM swap attack in the past. An unidentified group of hackers took advantage of the mobile carrier’s cell carrier vulnerability and enabled access to his account, where they proceeded to post anti-Semitic comments using his handle.
Twitter officials have since clarified that Dorsey’s account has been retrieved and there are no signs that the platform’s systems have been hacked.