T-Mobile sued by victim who lost $450K in Bitcoin in SIM swap attack

Published at: Feb. 12, 2021

Telecoms provider T-Mobile has become the latest corporate name to come under fire for its alleged negligence and failure to protect customer information, which indirectly enabled a "SIM swap attack" that led to the successful theft of $450,000, or 15 Bitcoin (BTC).

A SIM swap attack — also referred to as a port-out scam — has proved to be a popular tactic with criminals in recent years. Such an attack involves the theft of a victim’s cell phone number, which can then be used to hijack the victim's online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures. 

The lawsuit filed against T-Mobile on Feb. 8 in the Southern District of New York by plaintiff Calvin Cheng — the victim who alleges he lost $450,000 in Bitcoin following such an attack — explains exactly how it is that telecoms firms come to play such a crucial role in this particular kind of fraud: 

"A criminal third-party convinces a wireless carrier like T-Mobile to transfer access to one of its legitimate customers' cellular phone number from the legitimate customer's registered SIM-card [...] to a SIM-card controlled by the criminal third party [...] This sort of account takeover is not an isolated criminal act, per se, as it requires the wireless carrier's active involvement to swap the SIM to an unauthorized person's phone."

The incident at issue in the lawsuit occurred, according to Cheng, after a SIM-swap was successfully carried out in May 2020 against a T-Mobile customer and co-founder of crypto-focused investment fund Iterative Capital, Brandon Buchanan.

Cheng had conducted several successful transactions with Iterative to purchase Bitcoin in the months prior to the incident, communicating with Buchanan and others in Iterative via Telegram and using a crypto exchange administered by the fund.

After the SIM-swap, the perpetrators allegedly impersonated Buchanan on a Telegram chat with Cheng, reaching out to him asking him whether or not he wanted to sell Bitcoin for an Iterative client at an attractive premium. Having been lulled into thinking the communications were from Buchanan, Cheng agreed to the deal and transferred the Bitcoin to a digital wallet he believed to be controlled by Buchanan and/or Iterative — a mistaken belief, as it soon turned out.

A couple of days later, Buchanan reached out to Iterative's exchange clients to inform them that several of his accounts had been compromised by SIM-swappers, who had falsely assumed his identity and used it to initiate trades on Iterative's supposed behalf. The rest of the complaint details Cheng's appeal to the FBI, which is investigating the incident and attempting to identify the perpetrators. Buchanan has also attempted to intercede directly with T-Mobile on behalf of Cheng, but has failed to secure a refund on his behalf.  

As the lawsuit underscores, SIM-swapping is hardly a new phenomenon and has been actively discussed by federal agencies since 2016 at the latest. Nor is this the first time T-Mobile has been embroiled in SIM swap-related lawsuits involving cryptocurrency investors.

The lawsuit accuses T-Mobile of failing implement to adequate security policies to prevent unauthorized access to its customers' accounts, failing to train or supervise its employees to prevent successful fraud, and of wrongful conduct in its "reckless disregard" for various obligations and duties under federal and state law. The carrier is thus accused of knowingly violating the Federal Communications Act the Computer Fraud and Abuse Act, the New York Protection Act, as well as two counts of negligence. 

Tags
Bitcoin
Cryptocurrencies
Crimes
Telecom
Sim Card
Related Posts
US Blockchain Investor Terpin Awarded Over $75 Million in SIM Swapping Case
United States blockchain and crypto investor Michael Terpin has won $75.8 million in a civil case against 21-year-old Nicholas Truglia, who reportedly defrauded him of crypto assets. Reuters reported the news on May 10. Per the report, the California Superior Court last week ordered Manhattan resident Truglia to pay the amount above in compensatory and punitive damages. The amount is reportedly one of the largest court judgments awarded to an individual in the crypto space thus far, Reuters notes. As previously reported, Terpin filed the complaint against Truglia in particular in late December, after first filing a lawsuit against AT&T …
Blockchain / May 11, 2019
New Ransomware Uses a Banking Trojan To Attack Governments and Companies
A new type of ransomware attack emerged in recent months, raising red flags among the cybersecurity community and authorities such as the FBI in the United States. Cybersecurity firm Group-IB has warned that it comes in the form of a Trojan, according to a report published on May 17. According to Group-IB’s study, the ransomware is known as ProLock and relies on the Qakbot banking trojan to launch the attack and asks the targets for six-figure USD ransoms paid out in BTC to decrypt the files. The roster of victims includes local governments, financial, healthcare and retail organizations. Among them, …
Bitcoin / May 19, 2020
Crypto Scammers Turn Toward Terrorism With a Japanese Bomb Threat
Crypto terrorists threatened to bomb a government office on the Japanese island of Hokkaido. They told authorities that they would only disable the alleged explosive device if their crypto ransom was paid. According to FNN, the terrorists sent the Numata Town Hall an email stating they had installed a bomb in a women’s second-floor toilet. They claimed that as long as officials met their payment demands before 03:00 UTC on June 29, the bomb would not be detonated. However, this appears to have been a fake threat. The deadline set by the criminals has passed and the hall remains intact …
Bitcoin / July 29, 2020
WSJ: $88.6 Million in Illicit Funds Funneled Through Cryptocurrency Exchanges
A recent Wall Street Journal investigation has found that $88.6 million in ill-gotten funds have been funneled through 46 cryptocurrency exchanges, the WSJ reported September 28. $9 million of the suspect funds reportedly went through crypto exchange ShapeShift. ShapeShift is a Switzerland-based digital currency exchange that was formed in 2014 by Erik Voorhees. Unlike other trading platforms, ShapeShift allows users to anonymously trade Bitcoin (BTC), which police can track, but can not identify the individual behind the transaction. To conduct its investigation of crypto money laundering, WSJ reportedly developed a computer program that tracked funds from over 2,500 suspected investment …
Bitcoin / Sept. 28, 2018
South Korea’s Financial Watchdog Urges Lawmakers to Move Forward With Crypto Bill
South Korean watchdog the Financial Services Commission (FSC) has urged lawmakers to hasten their approval of the country’s first cryptocurrency bill, Bloomberg reports July 26. Hong Seong-ki, head of the FSC’s virtual currency response team, has reportedly warned of the security and money laundering risks courted by the country’s domestic crypto exchanges. Bloomberg cites Seong-ki as saying that: “While crypto markets have seen rapid growth, such trading platforms don’t seem to be well-enough prepared in terms of security. We’re trying to legislate the most urgent and important things first, aiming for money-laundering prevention [AML] and investor protection. The bill should …
Bitcoin / July 26, 2018