Crypto Investor Sues AT&T
American cryptocurrency investor and entrepreneur Michael Terpin is suing telecommunications giant AT&T for a sum of $224 million. Terpin has accused the telecom company of fraud as well as gross negligence because of which he lost $24 million worth of cryptocurrency.
Michael Terpin is the co-founder of an angel group of Bitcoin investors named BitAngels. He is also the founder of digital currency fund, BitAngels/DApps Fund and a senior advisor to Alphabet Fund, one of the largest crypto hedge funds in the world.
Digital Identity Theft
Terpin filed a 69-page complaint in which he alleged that $24 million worth of cryptocurrencies were stolen from his mobile phone account in a case of digital identity theft.
This was done, according to the complaint, using SIM swap fraud. SIM (Subscriber Identification Module) cards are used to validate subscribers on mobile phones. A SIM swap fraud is when a provider is conned into transferring a subscriber’s number to another SIM card which is controlled by someone else. Once that person has access to a user’s phone number, he or she can use it to reset all passwords and access that user’s online accounts.
After the first hack attack, Terpin alleges that “insider cooperation” from AT&T is what allowed the hacker to access his cell phone number – without a store employee of the telecom company having to validate ID proof or even give a password. Once the hacker had access to his phone number, he or she was able to get to Terpin’s cryptocurrency holdings.
The entrepreneur claims that after the digital currency was stolen from his account, his mobile phone account was transferred to an international criminal gang.
The Dangers of Using Mobile Devices
AT&T’s spokesperson issued a statement that the company disputed these allegations and that they were looking forward to presenting their case in court. However, according to Terpin, this is not the first time that AT&T has been contacted by law enforcement agencies in relation to similar frauds.
Be that as it may, this case highlights the dangers of SMS-based 2FA (2 Factor Authentication) processes on mobile devices. While this process is safer than not using any kind of authentication process, it is still vulnerable to SIM-jacking attacks.
In fact, security experts advise users to secure their online accounts by using app as well as security based 2FA. The problem is that most websites do not support such processes.