Crypto Theft Victim Sues T-Mobile for Allowing SIM-Swap Attack

by Arnab Shome
  • The plaintiff lost 15 Bitcoins over a purchase to the hacker impersonating as Iterative Capital Co-founder.
Crypto Theft Victim Sues T-Mobile for Allowing SIM-Swap Attack
Bloomberg
Join our Crypto Telegram channel

A victim of a crypto theft using SIM-swap attack has filed a lawsuit against T-Mobile, alleging the failure and negligence on the part of the US cell phone carrier in preventing these scams.

According to the court documents filed earlier this week, the plaintiff, Calvin Cheng lost 15 Bitcoins, then worth over $450,000.

“This action arises out of T-Mobile’s systemic and repeated failures to protect and safeguard its customers’ highly sensitive personal and financial information against common, widely reported, and foreseeable attempts to illegally obtain such information,” the lawsuit alleged.

The plaintiff detailed that the perpetrator approached him on Telegram, impersonating Brandon Buchanan, Co-founder of investment fund, Iterative Capital. Buchanan is a T-Mobile customer and was the victim of the SIM-swap attack.

The hackers lured Cheng in selling 15 Bitcoins at a rate higher than the market.

Can Telecom Companies Avoid Such Attacks?

The lawsuit argued that the SIM-swap is a popular way of getting access to the victims’ phones, yet T-Mobile did not instate any security to prevent such attacks.

“Unlike a direct hack of data where a company like T-Mobile plays a more passive role, SIM-Swaps are ultimately actualized by the wireless carrier itself. It is T-Mobile, in this case, that effectuates the SIM card change,” the lawsuit added.

Earlier, AT&T, another major American cell phone services provider, was dragged to court multiple times for facilitating such SIM-swap attacks. Though the court dropped theft charges against the carrier, it is still on the trial for the $24 million damages.

Furthermore, the authorities all over the globe nabbed many for pulling out SIM-swap attacks. Most recently, Europol assisted the arrest of 10 men in connection with a massive $100 million crypto theft racket that targeted US celebrities.

A victim of a crypto theft using SIM-swap attack has filed a lawsuit against T-Mobile, alleging the failure and negligence on the part of the US cell phone carrier in preventing these scams.

According to the court documents filed earlier this week, the plaintiff, Calvin Cheng lost 15 Bitcoins, then worth over $450,000.

“This action arises out of T-Mobile’s systemic and repeated failures to protect and safeguard its customers’ highly sensitive personal and financial information against common, widely reported, and foreseeable attempts to illegally obtain such information,” the lawsuit alleged.

The plaintiff detailed that the perpetrator approached him on Telegram, impersonating Brandon Buchanan, Co-founder of investment fund, Iterative Capital. Buchanan is a T-Mobile customer and was the victim of the SIM-swap attack.

The hackers lured Cheng in selling 15 Bitcoins at a rate higher than the market.

Can Telecom Companies Avoid Such Attacks?

The lawsuit argued that the SIM-swap is a popular way of getting access to the victims’ phones, yet T-Mobile did not instate any security to prevent such attacks.

“Unlike a direct hack of data where a company like T-Mobile plays a more passive role, SIM-Swaps are ultimately actualized by the wireless carrier itself. It is T-Mobile, in this case, that effectuates the SIM card change,” the lawsuit added.

Earlier, AT&T, another major American cell phone services provider, was dragged to court multiple times for facilitating such SIM-swap attacks. Though the court dropped theft charges against the carrier, it is still on the trial for the $24 million damages.

Furthermore, the authorities all over the globe nabbed many for pulling out SIM-swap attacks. Most recently, Europol assisted the arrest of 10 men in connection with a massive $100 million crypto theft racket that targeted US celebrities.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}