AT&T sued for negligence over cryptocurrency hack

Donna Miller
August 16, 2018

A bitcoin investor is suing AT&T for $240m after it allegedly ported his phone number to a hacker, allowing the criminal to steal $24m in cryptocurrency.

Terpin is seeking $23.8 million in compensatory damages and a further $200 million in punitive damages, according to the suit.

Terpin, represented by Los Angeles litigation firm Greenberg Glusker, claimed in the lawsuit that after the theft of the digital currency, his cellphone account was transferred to an global criminal gang. The filing alleges that law enforcement had previously contacted AT&T about such frauds and yet the company took no precautions to prevent it. Lawyers claim that this fact is what moves the case from simple ignorance to "gross negligence". As soon as the criminal gets access over the phone number, he can use it to reset the subscriber's passwords and enter his personal accounts. That being the case, it's not terribly surprising that a prominent crypto investor who lost almost $24 million in stolen tokens is suing AT&T for a whopping $224 million. The hackers also used the phone to hijack Mr. Terpin's Skype account to impersonate him.

The precise details of the storage of Terpin's tokens are not now known.

A bitcoin investor has sued telecommunications giant AT&T for $224 million after losing millions of dollars worth of cryptocurrency in a theft that he says is the cellular service provider's fault.

Theresa May opt out of organ donation won't work study finds
In 2017/18 there were 6,044 people in the United Kingdom waiting for a transplant and 411 patients died while waiting. But research by Queen Mary University London surveyed attitudes in several nations with varying donation policies.

Terpin claims that the token theft took place via a so-called SIM swap fraud, which deceives a telecoms provider by transferring a user's phone number to a card possessed by someone else.

The thieves accomplished this through a technique know and "SIM swapping". Since then, most exchanges and online wallets require customers to enable 2FA on their accounts using TOTP systems like Google Authenticator, as it is significantly harder to gain access to accounts where a third-party is not involved in authentication. Terpin alleges that's what happened in this case, given that neither a valid ID nor the special six-figure passcode were asked for porting his details to a new SIM. Although it appears to have failed to implement its own security requirements - if we take Terpin's account of the theft to be entirely accurate - AT&T's lawyers will no doubt argue that it can not be held responsible for everything that happens subsequently.

SIM swapping is a growing problem. Terpin claims that after the initial breach, he was promised "the highest level of security for his account".

In an emailed response, an AT&T spokesman said: "We dispute these allegations and look forward to presenting our case in court".

Other reports by

Discuss This Article