Crypto SIM Hacker Agrees to Pay Back $22 Million to Investor

by Arthur · October 14, 2022

Crypto SIM Hacker Agrees to Pay Back Million to Investor

Michael Terpin sits with his hands in front of him and looks to the right. — Michael Terpin during an investor summit back in 2018. That year, Terpin’s crypto account was hit by a nearly $24 million SIM swapping hack, and he has spent years on both the hacker and AT&T, the latter for the security flaws.

A young man who wasn’t even old enough to drive back in 2018 managed to withdraw nearly $24 million from a major crypto investor’s account. Now, over four years later, and probably thousands invested in both an investigation and legal fees, Michael Terpin can now claim that he has reclaimed all of the … (presses earpiece closer) … it turns out, just $22 million from that original hacked, according to a recently submitted agreement.

The original complaint filed in New York Southern District Court back in 2020, it named then-18-year-old Ellis Pinsky for leading a group of 20 people who met on the OGUsers forum that attacked people’s crypto wallets using stolen SIM card data. Pinsky allegedly carried out this hack when he was just 15 years old while living with his mother in upstate New York. The only other hacker named in the original complaint was 20-year-old Nick Truglia, who had previously been jailed on federal charges in a separate crypto theft.

Terpin was an important name in the tech and crypto world, especially in his late 20s as co-founder of crypto investment firm BitAngels along with early work launching Motley Fool and Match.com. At the time, Terpin’s phone hack was one of the biggest crypto hacks of its kind. Today, however, $24 million would be chump change to some of the funds of modern cryptohackers seems to roll in by attacking crypto exchanges, protocols and cross-chain bridges.

As much as a “SIM swapping” attack might sound like the stuff of a crappy 90s spy movie involving lots of hackers wildly pounding away at their keyboards, the alleged scheme involved this group of young hackers tagging people with large crypto holdings back then. find out the phone and carrier information of their target. They would then use falsified identity information to get the carrier, in this case AT&T, to switch control of the brand’s phone SIM card to one they control. Now they can access the phone, they find the target’s wallet password and transfer the crypto holdings.

Some tabloids have called Pinsky “Baby Al Capone” for his $24 million fraud. In a Rolling Stone interview from July, Pinsky recounts how men once broke into his home in 2020 looking for the stolen funds that he claimed he no longer had. He also said that many of these underpaid employees for carriers like Verizon or AT&T were willing to take bribes to perform SIM swaps. This is what Pinsky claimed he used to perform the Terpin phone hack.

Pinsky’s attorney, listed as Amy Zamir of Nesenoff & Miltenberg, did not immediately respond to Gizmodo’s request for comment.

Terpin’s attorney, listed as Cornelius McCarthy of the New York-based firm Chehebar Deveney & Phillips, did not immediately respond to a request for comment on behalf of his client. Two years ago, a judge in California rejected Terpin’s claim against AT&T for $200 million in damages. Terpin had alleged that the company was responsible for the hack because he was assured two-factor authentication would keep his information secure. For its part, the mobile operator claimed that its privacy policy does not guarantee total protection.

Of course, there are new crypto hacks happening every other day, and October has proven to be one especially raw time to be involved in all kinds of DeFi projects.