A sergeant from the Silicon Valley-based Regional Enforcement Allied Computer Team (REACT) says 5 hackers, aged 18-26, who collectively stole $50 million USD in cryptocurrencies by taking over victims phones were arrested in 2018, The New York Post reports.
Two of the more infamous alleged culprits are 21-year-old New Yorker Nicholas Truglia and 18-year-old Boston-area high school valedictorian Joel Ortiz.
Ortiz is now serving a 10-year prison sentence for his crimes.
According to The Post:
“Experts believe the crypto bandits’ crime spree is rooted in video games. Teens playing ‘Call of Duty’ communicated via a social site called Discord, setting up private chat groups that keep out predators and parents alike.”
The teens believed to have pioneered SIM-hacks originally conspired to steal and resell Twitter and Instagram accounts.
According to Santa Clara County Deputy District Attorney Erin West:
“Gamers figured out that they could hack into people’s accounts to get these handles and sell them for big bucks on a website.”
Some young hackers who adapted SIM-hacks to steal cryptocurrencies later became illicit millionaires overnight.
In a SIM-swap hack, attackers contact telephone service providers, impersonate their victims and ask the provider to activate a new phone.
Once the switch has been completed, the victim’s phone goes dark and a new phone controlled by the hacker is immediately activated.
From there, the phone can be used to access the email, personal information, and financial accounts of victims.
That is what happened to marketer-turned-crypto investor, Michael Terpin, in January 2018.
Terpin told the The Post he lost $23.8 million to Nicolas Truglia in a SIM-swap hack.
Terpin is now suing Truglia and AT&T for $224 million USD.
“I am trying to get AT&T to change things…And I want criminals brought to justice,” he said.
Regarding the lawsuit, a representative for AT&T told The Post, “Mr. Terpin is wrong, and we have asked the court to dismiss his complaint.”
Prosecutors and Terpin have reportedly produced evidence showing Truglia’s prodigious spending.
The accused wore a $100 000 USD Rolex and rented a $6,000 apartment that overlooked the Hudson River in New York. Several witnesses have reportedly claimed that Truglia told them he stole cryptocurrencies.
Terpin has also furnished documents that claim Truglia tweeted about a single $24 million dollar heist around the time Terpin was ripped off:
“Stole 24 million [but] can’t stay away from drugs…Stole 24 million dollars and still don’t have my s–t straight.”
But according to The Post:
“The scams began to unravel in March 2018, after a Cupertino, California, executive named Mitch Liu lost $10,000 in cryptocurrency.”
That theft reportedly intrigued REACT, who set about using cell-phone tower data to triangulate the location of the phone used to steal Liu’s money.
“We started following the [number] and realized that contact with the email service had to connect to a cell tower somewhere,” said REACT sergeant Samy Tarazi.
That cell tower, says Tarazi, was located in Boston:
“From there…we found the IMEI [International Mobile Equipment Identity] number of the phone that AT&T had switched the SIM card [information] to.”
The phone was tracked thanks to its unique International Mobile Equipment Identity (IEMI) number, and the phone was then linked with an email account used by Joel Ortiz.
Law enforcement agents said Tarazi, then hacked Ortiz. “We wanted to see where it would go, got the contents of his [email] account and, basically, we had his life.”
Shortly thereafter, Ortiz was busted at the Los Angeles airport while en route to an EDM festival in Belgium.
Prosecutors eventually negotiated a 10-year plea bargain with Ortiz for stealing between $5 and $15 million USD in cryptocurrencies.
Truglia, says The Post, is now charged with stealing $1 million from, “a Bay Area retiree.”