Discord chat logs obtained by Fox News show hackers plotting to steal a California man’s cryptocurrency stash via a SIM swap attack on his smartphone. The victim, Seth Shapiro, has filed a lawsuit against AT&T – calling it an inside job.
According to court documents, AT&T employees allegedly facilitated hackers in decimating Shapiro’s life savings, draining $1.8 million from his accounts, including cryptocurrencies and his daughter’s college fund.
Says Shapiro,
“AT&T’s negligence, criminal negligence, I would say, is almost unfathomable. It essentially destroyed our financial future, our entire life savings was stolen.”
SIM swapping is when a perpetrator takes control of a mobile device by first obtaining the target’s phone number, securing personal information about the account holder, contacting the victim’s wireless service provider, impersonating the account holder, responding to security questions and then asking the service provider to transfer the phone number to a new SIM card. That new SIM card belongs to the hacker.
Through another series of hacks, the perpetrator can then access all kinds of accounts that are tied to the phone number, including but not limited to financial accounts and crypto accounts, rapidly draining funds.
Shapiro says he was victimized multiple times.
“I was SIM swapped four times, the two biggest were in one day.”
He alleges that two AT&T employees accessed his account to aid in the theft, authorizing changes without his permission.
“The federal government, fortunately, found chat logs of these guys talking about exactly what they were doing to me at the time.”
Meanwhile, Los Angeles resident and SIM-swapping victim Michael Terpin has penned an open letter to the United States Federal Communication Commission (FCC) Chairman Ajit Pai. Terpin filed a lawsuit last year when he claimed he lost $24 million worth of cryptocurrencies due to a smartphone attack. Now Terpin is urging the federal regulator to be proactive in the fight against SIM swapping.
In his letter, Terpin offers his ideas on how the FCC can stop hackers. In addition to his losses, Terpin claims that more than 50 people have reached out to him with similar stories.
Writes Terpin,
- Mandate that all US mobile carriers cover their PINS and passwords, so that users must punch them in instead of reading them aloud to a retail clerk or call center employee…
-
Inform all US mobile carrier customers that they can opt-in to carrier high-security plans…
-
Initiate an immediate, comprehensive study (as was done for robocalls) with recommendations for mandatory reforms by the carriers…
Both Terpin and Pai are speakers at this year’s Mobile World Congress Americas in Los Angeles that’s taking place from October 22-24.
You can check out the full letter below published by CoinDesk.
An Open Letter to Ajit Pai by CoinDesk on Scribd
