A hacker was able to get his hands on roughly $1 million in cryptocurrency by using a San Francisco resident’s cell phone number.
Robert Ross, a father of two, says that his phone suddenly lost its connection on October 26, 2018. Confused by the matter, he went to a nearby Apple store to see what the problem was and later spoke with his service provider AT&T. By the time the issue had been resolved, however, roughly $500,000 had already been lifted from two of Ross’ cryptocurrency accounts – one with Coinbase, the other with Gemini, and the hacker wasn’t ready to stop.
21-year-old Nicholas Truglia is the suspected attacker, who in all managed to walk off with approximately $1 million of Ross’ crypto funds. A felony complaint was filed in November in a California state court. Prosecutors are now saying that Truglia had been collecting phone numbers for some time – primarily of Silicon Valley executives – but had been unsuccessful in robbing their accounts.
This Is Happening a Lot
Erin West – deputy district attorney of Santa Clara County (where Ross lives) – comments:
“It’s a whole new wave of crime. It’s a new way of stealing money. They target people that they believe have cryptocurrency.”
Truglia has been charged with roughly 21 counts including identity theft, attempted grand theft, fraud, crimes that “involve a pattern of related felony conduct” and even embezzlement.
Someone’s in Big Trouble
Ross had been accumulating the money for many years, hoping to have enough for his daughters’ college funds by the time they reached 18. The money was initially stored in USD on the crypto exchanges. Truglia later converted the money into digital assets and was able to move it into his own accounts before Ross could regain control of his cell phone.
The Accused Nicholas Truglia, Image from Finance Magnates
After getting a warrant, officials searched Truglia’s high-rise apartment in Manhattan last week. While they were able to recover approximately $300,000 of the stolen funds, they claim that the rest of the money may be difficult to locate.
The Cycle Continues
Discussing the blockchain, West believes it’s something of a mixed bag, commenting:
“In some ways, it’s helpful because we can see where the money is going. That’s the beauty of blockchain. It’s public, but what we still can’t see is who holds those accounts.”
Truglia was able to target other victims during his crimewave including Saswata Basu, the CEO of blockchain storage service 0Chain; Gabrielle Katsnelson, the co-founder of SMBX, and Myles Danielson, a hedge fund executive. Truglia has agreed to extradition, and Santa Clara officials are scheduled to pick him up in December. A trial date will be set soon after.
Can’t This Be Controlled?
This isn’t the first case of a hacker hijacking a person’s phone to get their hands on crypto. Several cases have occurred in recent months through a relatively new tactic known as SIM swapping. A hacker targets a person and gathers information about them for several days. Once they have data regarding account passwords and security questions, they call the person’s cell phone provider and request that their number be transferred to a different SIM card.
After a few probing questions (to which they typically have all the answers), the number is switched over to a card controlled by the hacker. They can then use the phone number to access the person’s personal (in this case, crypto) accounts.
The most recent high-profile case of SIM swapping occurred in California last summer when a man sued AT&T for a record $224 million after the company allegedly failed to initiate appropriate security measures that allowed hackers to gain control of his SIM card and steal money from his crypto holdings.