Judge lets AT&T off the hook for crypto investor SIM-swapping attack
An early crypto investor’s hopes of seeing a major telecom provider pay off a crypto heist in 2017 have all but been dashed. In accordance unsealed court documents filed last Thursday, the US District Court for the Central District of California ruled that AT&T was not liable for any damages due to the 2017 SIM swap hack that stole $24 million from early crypto investor Michael Terpin.
In 2018, Terpin sued AT&T for $224 million, claiming that the hacks could not have gone off without a company insider who provided access to his phone. He claimed in the original complaint that even though he had enabled two-factor authentication, AT&T acted “like a hotel giving a thief with a fake ID a room key and a key to the in-room safe.” At the time, the telecom giant disputed the claims.
Judge Otis Wright II previously had thrown out the compensation claim of 200 million dollars against the telecom giant on the grounds that the telco’s privacy rules do not guarantee protection against third-party hacks. The judge then allowed him to seek punitive damages, which this latest motion for summary judgment ultimately overruled. Terpin hoped to take AT&T to court in May.
You see, this case goes back before those days many millions dollars crypto hacks was nowhere close to the norm, and a paltry $24 million was enough to make big headlines. In 2018, then 18-year-old Ellis Pinsky came out as the mastermind behind the hack. Some tabloids began calling him “Baby Al Capone” for his leading role in the SIM-swapping raid. Pinsky was just 15 years old when he carried out the attack and led a group of 20 people who made about $100 million in crypto from SIM swapping and other hacks. Last December, a federal judge in New York convicted one of Pinsky’s few named accomplices, Nicholas Truglia, to 18 months in prison over the SIM-swapping scheme.
G/O Media may receive a commission
Last year, Pinsky agreed to pay Terpin back $22 million to the early bitcoin investor. As part of that deal was Pinsky must cooperatee with Terpin’s ongoing litigation against AT&T.
SIM swapping attacks involve hackers using public and private information found online, such as their phone and internet carrier, and then using the spoofed information to switch control of the brand’s SIM card to one they control. Hackers then use that access to dig into the target’s private information, in this case finding the password to his crypto wallet. Pinsky had previously said that there were many low-level workers at these telecom companies who were willing to take bribes to gain access to users’ phones.
Terpin is a long-time fintech investor and founder, having previously co-founded crypto investor network BitAngels as well as the Motley Fool and Match.com. In an email sent to Gizmodo, Terpin said he was “shocked and confused” by the ruling and that he intended to appeal. He added that the court’s opinion ignores “a mountain of evidence that AT&T was grossly negligent and deliberately ignored its legal duties to protect its customers from this type of cybercrime.”
An AT&T spokesperson told Gizmodo in an email: “As we’ve argued, fake SIM swaps are a form of theft committed by sophisticated criminals. It is unfortunate that these criminals targeted Terpin, but we are pleased that the court agreed that we were not responsible for Mr. Terpin’s loss.”