- A federal judge in California allows a case against AT&T alleging that it involves the theft of millions of dollars worth of cryptocurrency through a man’s phone to move forward.
- The case brought attention to a hacking method known as “SIM swapping,” where criminals steal phone numbers to log into cryptocurrency accounts, then transfer the money to themselves.
A multi-million-dollar case involving stolen cryptocurrency filed against AT&T is moving forward.
A federal judge in Los Angeles, California rejected the telecommunications giant's request to dismiss all of the claims in a suit filed by Michael Terpin last year for enabling the theft of $24 million worth of cryptocurrency. Terpin is seeking $200 million in punitive damages and $24 million of compensatory damages from AT&T.
"The evidence will show that AT&T not once, but twice allowed hackers posing as Michael to obtain his SIM card," Terpin's lead counsel Pierce O'Donnell, a partner with Greenberg Glusker Fields Claman & Machtinger in Los Angeles, said in a press release.
The judge tossed out 13 of the 16 claims, finding that Terpin did not adequately show how the theft of his cell phone number was connected to the cryptocurrency claims. AT&T told CNBC in a statement that the company was "pleased the court dismissed most of the claims" and "the plaintiff will have the opportunity to re-plead but we will continue to vigorously contest his claims."
"We dispute these allegations and look forward to presenting our case in court," AT&T told CNBC in a statement.
The suit brought attention to a hacking method known as "SIM swapping," where criminals steal phone numbers and to log into people's cryptocurrency accounts, then transfer money to themselves. Those instances and other high-profile hacks on exchanges caused deep sell-offs in bitcoin and other cryptocurrencies last year. Bitcoin was trading near $9,982 on Tuesday, and has roughly tripled in value since the beginning of this year. It became a household name in December 2017, when it reached a high of nearly $20,000 but has yet to recover to that level since.
Terpin said he was the victim of two hacks within seven months. At the time, he was using AT&T as his service provider and said cryptocurrency was taken through a "digital identity theft" of his account. He alleged that an impostor was able to get his phone number from an "insider cooperating with the hacker" without the AT&T store employee requiring him to show valid identification or provide a required password. That number was later used to access Terpin's cryptocurrency accounts, according to the complaint.
"What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner," the complaint alleged.
Hacks are not unusual in the fledgling space. The all-time total in cryptocurrency lost by individuals hit $1.5 billion at the end of last year, according to CoinDesk's State of Blockchain Report.
In order to safeguard their money, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers. Many crypto investors opt to keep their funds in what's known as "cold storage." The method allows you to store digital currency offline, away from any internet access, making it harder to hack.