SIM-Swap Victim Sues Crypto Exchange Bittrex for $1M Bitcoin Theft

Published at: Nov. 4, 2019

Gregg Bennett, a SIM-swap hack victim and angel investor, sued cryptocurrency exchange Bittrex over allegedly allowing the theft of nearly $1 million in Bitcoin (BTC).

According to a press release published on Oct. 30, Bennett believes the exchange violated its own security standards and allowed hackers to steal his cryptocurrency in April. The lawsuit, filed in King County Superior Court, suggests that the exchange committed “unfair and deceptive acts that misrepresented its level of security."

A SIM-swapping attack

The hackers reportedly took control of Bennett’s mobile number and then used it to access his online accounts, including Bittrex, on April 15. The cybercriminals then allegedly sold the Bitcoin for other crypto assets at below-market prices and transferred the funds to an account under their control.

Bennett claims that he realized that he was under attack, but the exchange failed to react for nearly two hours, which allegedly allowed the attackers to steal his funds. Per the release, the hackers tried to withdraw more funds, but by then the exchange had already reacted to Bennett’s emails — the only way the exchange can be contacted, according to the lawsuit.

Red flags allegedly ignored

Dan Kittle, who works at Lane Powell — the law firm representing Bennett — said:

“As alleged in our complaint, Bittrex ignored a number of red flags warning Bittrex that the person initiating the withdrawal was not Gregg Bennett. [...] We plan to show in court that Bittrex either ignored or was unaware of standard industry safeguards to prevent hacks just like this.”

The exchange reportedly ignored that the hacker used a different operating system and a suspicious IP address. Furthermore, the exchange allegedly did not impose a 24-hour hold period on the account’s funds after the password change. Bennett commented:

“Bittrex was bamboozled by hackers who should have been as visible as thieves wearing masks and carrying guns. [...] I am asking for Bittrex to do the right thing by plugging what I see as gaping holes in their approach to security, and to return my coin to me.”

Bennett also explained that Bittrex and its owner Bill Shihara were difficult to convince that he was actually hacked, stating:

“I am going to do everything I can to hold those responsible accountable for their actions, so other people aren’t victims of similar negligence.”

As Cointelegraph reported last month, SIM swapping victim Michael Terpin wrote an open letter to the United States Federal Communication Commission Chairman Ajit Pai requesting action to render such attacks impossible in the future.

Tags
Blockchain
Cryptocurrency Exchange
Hacks
Hackers
Cybercrime
Sim Card
Related Posts
US Blockchain Investor Terpin Awarded Over $75 Million in SIM Swapping Case
United States blockchain and crypto investor Michael Terpin has won $75.8 million in a civil case against 21-year-old Nicholas Truglia, who reportedly defrauded him of crypto assets. Reuters reported the news on May 10. Per the report, the California Superior Court last week ordered Manhattan resident Truglia to pay the amount above in compensatory and punitive damages. The amount is reportedly one of the largest court judgments awarded to an individual in the crypto space thus far, Reuters notes. As previously reported, Terpin filed the complaint against Truglia in particular in late December, after first filing a lawsuit against AT&T …
Blockchain / May 11, 2019
LCX loses $6.8M in a hot wallet compromise over Ethereum blockchain
The hack was first identified by PeckShield, a blockchain security company, based on the suspicious transfer of ERC-20 tokens from LXC to an unknown Ethereum (ETH) wallet. Liechtenstein-based crypto exchange LCX has confirmed the compromise of one of its hot wallets after temporarily suspending all deposits and withdrawals on the platform. hot wallet compromised? @lcx https://t.co/uL5a7oCFfM — PeckShield Inc. (@peckshield) January 9, 2022 The probable hot wallet compromise was soon confirmed by the exchange as it announced the loss of numerous tokens including ETH, USD Coin (USDC) and other tokens including its in-house LCX token. Ethereum blockchain based assets such …
Blockchain / Jan. 9, 2022
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
Binance Freezes Funds Stolen From Upbit in Late 2019
An address associated with the $50 million hack of South Korean crypto exchange, Upbit, has moved some of the stolen Ethereum (ETH) to Binance. The world's biggest exchange immediately froze these funds on its platform, and has initiated an investigation. On May 13, Whale Alert tweeted that a 137 ETH ($27,164) transaction was moving funds derived from hacked Upbit exchange to Binance. According to the transaction details, the transfer occurred at 12 p.m. EST. Less than one hour after the transaction was flagged, Binance CEO Changpeng Zhao, or CZ, stepped in to the tweet thread to report that the transferred …
Blockchain / May 13, 2020
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020