A man who lost $24 million in cryptocurrency in an elaborate SIM swap scam has won a multimillion-dollar verdict against the thief, who was 15 at the time of the hoopla.
According to court records [PDF] Ellis Pinsky, filed in federal court in New York City on Friday, agreed to pay Michael Terpin $22 million for his starring role in the SIM swap and crypto heist. Pinsky was a New York City high school student at the time of the theft in 2018, and he is said to have repaid his victim $2 million about a year later.
Pinsky, now 20, also agreed to testify against AT&T, according to Terpin. In a LinkedIn post today, the blockchain investor shared his victory in the civil lawsuit with his followers:
To the best of our knowledge, Pinsky has not been charged with any crime, and it is believed that this is because he was a minor at the time of the theft and because he worked with the Feds a few years ago as an investigator who immediately tuned into him. In a Rolling Stone interview over the summer, Pinsky — dubbed Baby Al Capone by the media — admitted he stole millions of crypto coins from Terpin via a SIM swap.
According to that article, Pinsky said he wrote a Python script that would scan social media for people who appeared to work for cellular networks and send them private messages. Pinsky, we were told, would offer these employees a small amount of bitcoin to perform SIM swaps, including port-outs.
This basically reassigns a victim’s phone number to the SIM card in the scammer’s phone, allowing the scammer to receive calls and texts from that number. Once this happens, the crook can request a password reset for the target’s webmail account, with the one-time verification code being sent to the thief via SMS. Now the thief has control over the email account and phone number and can start to search all online accounts and apps of the victim, reset passwords with the links and texts going to the webmail or hijacked phone number, to sign up and steal all (let’s say ) cryptocurrencies found.
What he did to Terpin, according to Pinsky: After an AT&T employee performed the SIM swap, he and an accomplice found a file in an Outlook account loaded with crypto wallet information, which was then used to do the to skim money. Specifically, it is alleged that Pinksy and his co-conspirator stole 3 million TRIG coins, each worth more than $7 at the time, and laundered them into bitcoins. TRIG has since plummeted to less than 20 cents per coin.
The other side
Terpin sued AT&T for $240 million in 2018 for repeatedly failing to protect his phone from the teenage scammer. It’s been a long, drawn-out case filled with legal maneuvering on both sides, but here’s the gist of what Terpin said happened to his phone — and in courtrooms ever since.
According to Terpin’s first lawsuit [PDF]In June 2017, a scammer posing as Terpin convinced an AT&T employee at a Connecticut store to transfer Terpin’s phone number to a different SIM card — after 11 unsuccessful scam attempts at other stores.
The rogue then used his access to Terpin’s phone number to gain access to his cryptocurrency holdings and transferred millions of dollars to another account.
Terpin complained to AT&T, and the airline agreed to implement additional security policies where future changes would require someone to provide not only ID but also a special six-digit code known only to him and his wife.
Despite this, scammers again hijacked his phone number in January 2018 and broke into his cryptocurrency accounts again, eventually stealing $24 million worth of digital coins. “The stolen phone number was accessed to hack into Mr. Terpin’s accounts, resulting in the loss of nearly $24 million worth of cryptocurrency coins,” the lawsuit reads.
In February 2020, a judge dismissed AT&T’s efforts to dismiss the case, finding that Terpin had provided sufficient evidence for the US telecom giant to defend its position before a jury.
Later that year, a judge dismissed a $200 million claim for damages that Terpin had filed against AT&T, but allowed the rest of the case to proceed. It is scheduled to appear in federal court in Los Angeles in May.
Interestingly, Pinsky told Rolling Stone that a few years ago he returned everything he could from the Terpin heist — 562 bitcoins, his share of the loot with his co-conspirator — when he realized the apprenticeship was over. In 2020, that BTC would be worth $2 million, which is what Terpin alluded to in his statement above. At their peak last November, those bitcoins would be worth about $40 million, and today: about $11 million. In any case, Pinksy has now agreed to pay Terpin $22 million one way or another. ®
https://www.theregister.com/2022/10/15/pinsky_terpin_sim_swap/ ‘Baby Al Capone’ pays $22 million to SIM-swap crypto robbery victim • The Register