The Silicon Valley cryptocurrency hacker Nicholas Truglia lifted $1 million in cryptocurrency, according to prosecutors. SIM Swapping is something that has risen in popularity amongst hackers, especially those who are targeting cryptocurrency users. What is a major symptom? Losing cellphone service when you normally have service.
San Francisco resident Robert Ross, a father of two, noticed his phone suddenly lose its signal on October 26th. He quickly went to a nearby Apple store and contacted his service provider, AT&T. But it was too late – a hacker drained $500,000 from two separate accounts he had with Coinbase and Gemini.
Nicholas Truglia, 21, stole the $1 million from Ross’ two cryptocurrency accounts. This is from a felony complaint filed this month in California’s state court. Prosecutors say Truglia also hacked the phones of multiple Silicon Valley executives but was not able to rob their accounts.
Erin West, the deputy district attorney of Santa Clara County, said “It’s a whole new wave of crime. It’s a new way of stealing money: they target people that they believe to have cryptocurrency.”
Truglia has been charged with 21 counts, including identity theft, fraud, embezzlement, and attempted grand theft in Ross’ case.
West said Ross had been saving that money for his daughters’ college funds and stored it in US dollars on the crypto exchanges. Truglia converted those USD into cryptocurrency and moved it to his own accounts before Ross was able to regain control of his phone number.
A warrant was issued and executed for Truglia’s residence last week. They were able to recover $300,000 from a computer hard drive – but the rest of the money may be tough to track down.
Cryptocurrency fans love the technology because transactions are recorded on a public ledger – so it’s easier to “follow the money”. While transactions can be seen by anyone, the identity of the sender and receiver tend to stay anonymous.
“In some ways, it’s helpful because we can see where the money is going – that’s the beauty of the blockchain. It’s public, but what we still can’t see is who holds those accounts”, West said.
Cryptocurrency trading peaked in popularity last year, attracting wave after wave of retail investors as Bitcoin rose to nearly $20,000. But that popularity and the relatively lax-security-minded came the rise of successful hacks. The total in cryptocurrency lost by individuals hit $1.6 billion at the end of June, according to CoinDesk’s 2018 State of Blockchain Report. Bitcoin is also down more than 75% since those December highs.
Other victims listed in the court papers include Saswata Basu, CEO of blockchain storage service 0Chain; Myles Danielson, a hedge-fund executive, and Gabrielle Katsnelson, co-founder of start-up XMBX.
Truglia has agreed to extradition, and Santa Clara officials expect to pick him up in December. A court date will be set shortly thereafter.
But how did Truglia manage to succeed? He (allegedly) used a method of SIM Swapping. SIM Swapping involves taking over a phone number by duping wireless carriers.
Wireless store employees can assign your phone number to any device with the right authorization. To confirm a phone swap, they ask for pieces of information like a birthday or a Social Security number. This data is easily obtainable on the Dark Web.
Once a criminal hacks into a person’s email or cryptocurrency account from their own devices, what’s known as a “two-factor identification” will send a text code to the phone number to prevent any unauthorized login. Do you see the problem yet? Because the criminal had already successfully transferred your service to a phone under their control, you don’t get the text for 2 factor identification – the hacker does.
Cybersecurity and Industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers. Experts also recommend that investors keep their funds in what’s known as “cold storage”. The method allows you to store digital currency offline, away from any internet access.
What do you do for security? Do you keep your cryptocurrency on exchanges? in a wallet? Do you use two factor identification? Or do you step your game up with 2 factor authentication via Google 2FA and other similar products? We’ve covered hacks and we’ll cover hacks again in the future. What’re you doing to best protect yourself? Let us know on our Facebook page!
