NYC Hacker Steals $1 Million In Cryptocurrency With Just A Phone Call

We’re sorry; you have reached a number that has been disconnected or is no longer in service.

A New York City man has been arrested on allegations of stealing $1 million dollars in cryptocurrency from a Silicon Valley executive using a smartphone-based vulnerability known as ‘SIM swapping.’ How can you protect yourself from falling prey to a similar attack?

The hacker in question, 21-year-old Nicholas Truglia, has been apprehended and is facing 21 counts of felony conduct — including attempted grand theft, identity theft, and fraud.

The charges stem from an incident that occurred on October 26, when Truglia was able to take over control of the mobile phone number belonging to a Silicon Valley-based technology executive named Robert Ross.

SIM Swapping

In an attack commonly known as a ‘SIM swap,’ the attacker is able to contact the victim’s mobile phone service provider and claim that their phone was lost or stolen. The thief will then attempt to convince the service operator to remotely reassign all the phone’s credentials and information to a new device belonging to the thief by answering some security and identifying questions.

The same thing happened in this particular case, allowing Truglia to access Ross’s Coinbase and Gemini exchange accounts, where he was storing a total of $1 million worth of cryptocurrency — an amount he claimed was being saved for his children’s’ college education funds.

It was reported that only $300,000 had been recovered thus far, and it is unclear if Ross will ever be able to make the entire loss back.

A similar case happened this past summer resulting when $24 million in cryptocurrency was stolen from Michael Terpin, who turned around and sued his service provider AT&T for $224 million for (unknowingly) cooperating with the thieves.

sim swapping

Don’t Be A Target

The simple yet effective nature of this attack has many worried that they could one day become a victim and reexamining the security measures which can be used to mitigate such a breach.

In both cases described above, the attacker was able to drain the funds from the victims as they were sitting on cryptocurrency exchanges. The wallets which customers use on most cryptocurrency exchanges are ‘hot,’ meaning that they are connected to the internet and therefore more vulnerable to remote attacks.

One of the golden of rules of investing in cryptocurrency is to keep your funds which you are not using to trade in ‘cold’ storage via a hardware storage device or paper wallet, for example. If you do decide to leave funds on an exchange, it is best to set up multi-factor authentication on the account and only use the most trusted exchanges.

Data breaches and identity theft, unfortunately, happen all the time. You should always be careful with how much and with whom you share your private information about your life or finances.

Author: Carl Bird
Image Credit