A cryptocurrency investor accused a teen hacker and his crew of juvenile hackers for stealing $24 million in cryptocurrency via a SIM swap attack. According to a lawsuit filed in federal court in New York, Michael Terpin, the founder and CEO of blockchain advisory firm Transform Group, claimed that a teenage hacker Ellis Pinksy (aged 15), along with his group of teen hackers, compromised his phone and stolen his cryptocurrency in 2018. Terpin is suing Pinsky (now aged 18) for $71 million under a federal racketeering law that allows for triple damages, Bloomberg reported.
“Pinsky and his other cohorts are in fact evil computer geniuses with sociopathic traits who heartlessly ruin their innocent victims’ lives and gleefully boast of their multi-million-dollar heists,” Terpin said in his complaint.
Terpin stated that Pinsky’s group identified people with cryptocurrency holdings and illicitly took control of their phones by launching SIM swapping attack to divert authentication messages, gain information, and breach victims’ cryptocurrency accounts.
What Is a SIM Swapping Attack?
A SIM swapping attack is one of the simplest ways for cybercriminals to bypass users’ 2FA protection. In a SIM swap attack, the attacker calls service providers and tricks them into changing a victim’s phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to victims’ sensitive data.
In a similar cyber heist, Jack Monroe, a popular food blogger and activist, revealed that she lost about £5,000 (around US$ 6,395) from her bank account after being hit by a SIM-Swapping attack. The British-based writer stated that her phone number was seized and re-activated on another SIM card, despite using two-factor authentication (2FA). Monroe stated the attackers were able to receive her 2FA messages and accessed her bank and payment accounts.
“It seems my card details and PayPal info were lifted from an online transaction. The phone number was ported to a new SIM, meaning criminals access/bypass authentication and authorize payments. I’m an autistic, methodical, ruthless investigator, and I have a LOT of info to go on,” Jack Monroe said.