Bitcoin investor and cryptocurrency entrepreneur Michael Terpin has sued telecommunications company AT&T for $224 million over theft of cryptocurrency. Michael Terpin is the founder of Transform Group and BitAngels. He has filed a lawsuit against AT&T on Tuesday. According to Terpin, hackers are continuously targeting cryptocurrency investors and despite knowing this AT&T failed to secure his phone number. Attackers were able to steal his phone numbers in a fraud called as SIM swapping, SIM hijacking, or “port out scam.”
In the last few months, various attackers have stolen millions of dollars in cryptocurrencies by attacking people who regularly invest in the cryptocurrency world. In the month of April, the prevalent Ethereum wallet MyEtherWallet endured a phishing attack on its Public DNS. An attack on the DNS (domain name system) took the wallet’s clients onto some suspicious servers that resulted in the leakage of their login credentials.
In a lawsuit, Terpin has stated that he was victimized by not one, but two hacks within seven months. He further argued that,
Even after AT&T had placed vaunted additional protection on his account after an earlier hacking incident, an imposter posing as Mr. Terpin was able to easily obtain Mr. Terpin’s telephone number from an insider cooperating with the hacker without the AT&T store employee requiring him to present valid identification or to give Mr. Terpin’s required password.
According to Bitcoin investor, it was AT&T’s fault and it provided his phone number to hackers without sticking to its security policies that enabled the cryptocurrency theft to happen. It was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the legitimate owner.
A 69-page lawsuit further explained that,
A verdict for $24 million of compensatory damages and over $200 million for punitive damages might attract the attention of AT&T’s senior management long enough to spend serious money on an acceptable customer protection program and measures to ensure that its own employees are not complicit in theft and fraud. Then and only then will AT&T’s promise to protect the types of personal information that directly led to the hacking of Mr. Terpin’s accounts ring true.
AT&T has faced SIM card swap fraud, including events such as prominent members of the cryptocurrency world. The company’s employees are involved in such fraud and can bypass AT&T’s security covers. Despite the events, AT&T is not at all interested in securing its system against hackers.
Terpin has further argued in a lawsuit that,
On April 8, 2015, the FCC fined AT&T a record $25 million for violating Section 222 of the FCA by allowing its employees to hand over to thievesthe CPNI of almost 280,000 customers. In addition to being forced to pay $25million to the FCC, AT&T entered into a consent decree requiring it to implement measures to protect CPNI. The April 8, 2015 consent decree (“Consent Decree”)remains in full force and effect.
Hackers are strange and they could come up with various ways to hack anything. Few months ago, attackers compromised a non-profit cloud-based instant messaging service Telegram. They were able to exploit a vulnerability in Telegram to spread cryptocurrency miner to earn cryptocurrencies such as Monero and ZCash. The Telegram “zero day” flaw was used to spread multipurpose malware, which depending on the device can be used either as a backdoor or as a tool to deliver mining program.
Bitcoin investor Terpin has directly blamed AT&T for the loss. According to him, AT&T’s clients are subject to SIM swap fraud (also called SIM swapping, SIM hijacking, or “port out scam”) carried out by hackers. This attack was due to the active participation of AT&T’s own employees and hackers.
Motherboard reported that an AT&T spokesperson sent a statement via email: “We dispute these allegations and look forward to presenting our case in court.”