US authorities charged last week nine individuals with wire fraud and aggravated identity theft for being part of a cybercrime ring that used hijacked phone numbers and SIM cards to steal cryptocurrencies.
The “SIM-jacking” group, known as “The Community,” consists of nine people – eight Americans and one Irishman – aged between 19 and 28 years. The fraudulent scheme spread across Florida, California, Iowa, New York, Missouri, Connecticut, and Arizona.
After more searching, officers discovered that three of defendants were former employees at mobile phone providers who helped the ring to gain control of personal data of their companies’ subscribers. The group used Discord and Telegram chats to conduct their business.
According to the criminal complaint, the defendants discussed stealing from one of the two Winklevoss twins, although they don’t appear to have followed and it wasn’t clear how serious they were.
Trade Breakouts on the Best Mobile AppGo to article >>
Court documents reveal that the scammers operated by obtaining personal information on victims and then either bribing or impersonating cellular service company employees to obtain a new SIM card activated with the victim’s information. From there, it was simple to compromise the victim’s e-mail accounts and cryptocurrency wallets.
Crypto users are vulnerable to tricks like SIM hijacking
US law enforcement agencies are seeking the extradition of a 20-year-old Dublin man in connection with the scam that resulted in the theft of cryptocurrency worth nearly $2.5 million and scored as much as $470,000 in a single heist.
The first evidence of the “The Community” surfaced when a mother in Michigan overheard her son pretending to be an AT&T employee and called investigators. Discoveries by state investigators led to identifying files with a list of names and phone numbers, along with SIM cards and cell phones.
The indictment alleges that once “The Community” had control of a victim’s phone number, the phone number was leveraged as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts. For example, “The Community” would use their control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes that allowed them to bypass security measures,” the US Department of Justice further explains.
Earlier last years, a Florida-based law firm sued AT&T and T-Mobile after customers accused the telecom giants of allowing hackers to swap their SIM cards. A Silver Miller’s client claimed that the AT&T’s lack of security allowed hackers to enter his account, even after it increased security following an earlier attempted hack, and steal crypto coins worth roughly $620,000.