Telecommunications company AT&T found itself on the end of a lawsuit this week after a customer accused it of allowing hackers to swap his SIM card, in what appears to be an elaborate scheme by fraudsters. The security breach resulted in the theft of cryptocurrency worth millions of dollars.
Michael Terpin, a serial cryptocurrency entrepreneur and technology startup extraordinaire, claimed that the AT&T’s lack of security allowed hackers to enter his wireless account on January 7, 2018, and steal crypto coins worth roughly $24 million.
Terpin is the founder of Marketwired, currently the world’s third-largest company newswire. His cryptocurrency endeavors include the first angel group for bitcoin investments, BitAngels, as well as Bitcoin Syndicate, and CoinAgenda. His PR firm, Transform, also works with cryptocurrency-linked companies and other tech companies.
It is unclear exactly how the thieves replaced Terpin’s mobile SIM, but the lawsuit suggests they impersonated him to AT&T’s customer-service agents and requested that the phone number be transferred to their own device.
Legal Risk Factor Beneath Ripple’s Lawsuit from SECGo to article >>
The carrier was at fault here
Once the thieves had access to his phone number, they were able to request a password change and reset the security on many of his accounts, effectively locking him out, he said. The hackers also changed the password on his cryptocurrency account and initiated the transfer of digital assets to their own wallets.
“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint alleged.
The lawsuit described the case as an example of classic identity theft, in which hackers gained access to sensitive financial information by stealing personal data. The plaintiff is seeking damages and injunctive relief, claiming that the company was at fault and thus should pay him $224 million of compensation.