More than $50 million in cryptocurrency has been stolen from U.S. personal wallets in the last 15 months, partly helped by a new hacking technique using switched SIM card identities. Five hackers aged between 18 and 26 have been arrested and charged with stealing cryptocurrency since the start of last year, a leading cyber cop told the New York Post.
Sami Tarazi is a supervisor at Silicon Valley’s Regional Enforcement Allied Computer Team, or REACT. His team has caught some of these cyber thieves by identifying an inherent weakness in their method. By relying on cell phones, their messages can be traced geographically to signal towers.
Get the BREAKERMAG newsletter, a weekly roundup of blockchain business and culture.
Joel Ortiz, then 18 years old, was traced to a few blocks in Boston. He had bragged on social media about helicopter tours of Las Vegas, helping law enforcement to pinpoint him. He has been sentenced to 10 years in jail. Tarazi believes he may have stolen up to $15 million in cryptocurrency.
Nicholas Truglia, 21, has been charged with stealing $1 million in cryptocurrency, but is being sued by entrepreneur Michael Terpin, 62, who says Truglia stole $24 million from him in various digital tokens. The young man allegedly showed a private-jet broker $100,000 in cash.
The hopeful hacker can take a new SIM card to a store, impersonating you, and switch your wireless carrier number to their new SIM card.
One of the latest techniques is called SIM-swapping. Suppose you own lots of a bitcoin and some kid wants to steal it. The hopeful hacker can take a new SIM card to a store, impersonating you, and persuade an employee to switch your wireless carrier number to their new SIM card. That means they start receiving your texts. Next, they tell Google they’ve forgotten their password, still pretending to be you. Google texts them a code that lets them reset it. Now they have your Google account, which gives them everything.
Many of the young hackers are thought to have learned the technique in gaming forums, where they realised they could steal simple social-media names and sell them for tens of thousands of dollars. Incredible though it may seem to outsiders, the handle @t was once sold for $40,000 in cryptocurrency. It was only more recently that thieves realized there was bigger money to be made stealing whole crypto wallets.