AT & T said it would fight allegations of negligence in the loss of a $ 1.7 million customer during a SIM card swap.
The charges come from Seth Shapiro, VideoCoin's strategy manager, who blames the phone giant for failing to secure his phone during hacking in May 2018.
Speaking exclusively to CoinDesk, AT & T spokesman Jim Greer said:
"It is unfortunate that Mr. Shapiro has experienced this, but we are challenging his allegations. We look forward to presenting our case in court. "
After a series of shameless SIM card swaps, Shapiro claimed to have lost $ 1.7 million in cryptocurrency. Hackers would have taken control of his mobile phone, reset his email and violated his trading accounts to steal a million dollars, the balance belonging to other people for future investments.
Greer said AT & T warned all customers to strengthen their security measures and that mobile phone authentication was not enough:
"Recent high-profile cases highlight how important it is for businesses and consumers to take steps to protect themselves from SIM card swap fraud, for example by not using mobile phone numbers as the sole source of security and authentication. "
To access Shapiro's SIM card, hackers allegedly paid AT & T employees – now dismissed and prosecuted in criminal court – for control.
According to Shapiro, the first phone call took place at the consensus conference in May 2018. On the same day, Shapiro's VideoCoin announced the closing of a $ 50 million private placement of coins. , for which its related fund Alphabit Fund had subscribed. Two of his colleagues in several companies – entrepreneurs Chris Kitze and Enzo Villani – were also hacked at the same time, but they did not lose any money.
In April 2019, Joel Ortiz, the 21-year-old suspected hacking mastermind Shapiro, was sentenced to 10 years in federal prison, after having pleaded no charges against the prosecution. Orchestrated 13 SIM card conversions. An accomplice, a minor aged 19, was charged in seven cases. Ortiz reportedly made $ 5.2 million, but only $ 400,000 was recovered.
Another large-scale SIM card piracy case was filed against AT & T last year when Michael Terpin, a cryptographic administrator working for a public relations firm, an investment firm, and a series of conferences , and a partner of Shapiro in several of these companies, said he lost 23.8 million USD. his phone was hacked.
Terpin sued the telephone company to recover his losses, in addition to $ 200 million in punitive damages and the violation was a violation of the federal Communications Act. The authors are said to have been named Nicholas Truglia, a 21-year-old thief based in New York, accompanied by his 16-year-old computer hacker.
According to an affidavit filed by a friend of Truglia caught in his chest, his MO companion had to be fraudulently added as an administrator to a target's phone account and then go to an AT & T store where he was using his own phone. identity to verify his identity and order an AT & T employee to make the necessary changes to give him access to the SIM card.
The least secure security measure
The loss highlights an obvious question for security experts, who were wondering why an experienced crypto maintainer would keep such large sums in an online exchange rather than in a "cold storage" – that is, a storage offline, where it would be completely protected from remote attacks.
Haseeb Awan, CEO of security provider DontPort, based in California, told CoinDesk that using a mobile phone to secure any part of the online security appliance was a huge potential vulnerability.
"People should avoid SMS [checking] as much as possible," said Awan. "Two-factor authentication is probably the worst form of authentication, because of the ease with which hackers compromise it.
Even without the moles of AT & T alleged by Shapiro, Awan, himself the target of multiple SIM card exchanges, said the social engineer in hackers, cheat and buy his way into the mobile accounts of casualties every day, making the value of the cell phone check almost negligible.
Many people think that they will never be hacked just because they've never been before, said Awan:
"It's like saying you will never die because you have not done it yet."
This pride makes them even more vulnerable.
SIM trading is a relatively well-known threat among high-level cryptographic system owners, who are often targeted for publicity and the increased likelihood of holding valuable assets.
Shapiro, the current head of VideoCoin's strategy and founder of various crypto media projects, even told investigators that he immediately suspected the SIM card swap when his phone suddenly stopped working .
Awan said that he was surprised that Shapiro could have lost so much money so easily:
"He's not a beginner. He's been in crypto for a while. "
Greer of AT & T said that offline storage is the only real solution:
"For cryptocurrency, security experts recommend additional safeguards, such as maintaining cryptocurrency in" cold storage ", an offline environment that can not be accessed over the Internet, and following the instructions for storing the connection information to the portfolio and exchanges. "
CoinDesk contacted Shapiro, his lawyer, Kitze, Villani and Terpin, none of whom responded to requests for comment.
It was unknown legal deposits, which, if any, security products that leaders had on their phones hacked.
Image of the SIM card via Shutterstock