Judge Says Plaintiff Can Proceed Against AT&T in $24M Hack Case

Published at: Feb. 26, 2020

On Feb. 24, a California federal judge ruled that cryptocurrency investor Michael Terpin can proceed with his lawsuit against telecom corporation AT&T over a $24 million SIM hacking incident.

Terpin is arguing that an AT&T agent who was bribed by a criminal gang supplied data that allowed the hackers to steal $24 million worth of cryptocurrency in January 2018. Terpin is a prominent cryptocurrency investor who founded BitAngels in 2013.

On June 11, 2017, hackers were purportedly able to gain control of the investor’s phone number through a SIM swapping attack — allowing them to impersonate Terpin and convince one of his clients to send them cryptocurrency. 

After meeting with AT&T representatives during June 2017 to discuss the hack, Terpin’s account was placed on a “higher security level with special protection.”

On Jan. 7, 2018, Terpin’s phone was hacked for a second time, with the investor alleging that an AT&T employee facilitated the SIM swap. Terpin attempted to contact AT&T to cancel his telephone number, however, “AT&T failed to promptly cancel his account.” 

This resulted in the hackers using 2-Factor Authentication to reset the passwords for Terpin’s cryptocurrency wallets and steal $24 million in digital assets.

Three claims against AT&T upheld

Judge Otis Wright II dismissed 13 of the 16 claims brought against AT&T, however, he ruled that the telecoms giant must face statutory, contract, and tort damages claims. The court will also allow Terpin the opportunity to amend the rejected claims — except for a previously dismissed breach of implied contract claim.

Terpin intends to file a second amended complaint within three weeks to supplement his request for damages. The complaint will seek to demonstrate that AT&T was both aware of, and responsible for, “an ongoing sequence of cryptocurrency thefts due to SIM swaps dating back to well before Terpin’s hack.” Terpin stated:

“We look forward to demonstrating with compelling evidence the ‘advance knowledge and conscious disregard’ threshold by AT&T in its prior knowledge and ratification of ongoing SIM swaps causing economic loss.”

AT&T was aware of clients’ vulnerability to SIM hacking

The judge attributed the hack to AT&T providing “inadequate security measures to protect his SIM card.” Wright added that the telecom company is “morally culpable” through failing to prevent SIM swapping despite being “aware of the vulnerability of its customers” to the practice.

The court rejected AT&T’s motion to dismiss the claims, with the telecoms company claiming that Terpin had been unable to prove that he owned cryptocurrency or the precise method through which his crypto was stolen. Judge Wright concluded:

“The court finds this allegation adequate because Mr. Terpin alleges sufficient facts for the court to reasonably infer the hackers may have used [2-Factor Authentication] methods to glean Mr. Terpin’s personal information from various accounts, such as email or cloud storage.”

An AT&T representative stated that the company disputes the allegations and will continue to fight them in court.

Tags
Related Posts
UK High Court Orders Freeze on $1M of Bitcoin in Ransomware Case
A United Kingdom High Court ordered a proprietary injunction on Bitcoin (BTC) obtained through a ransomware attack on a Canadian insurance company. A proprietary injunction is an order which prevents a person from dealing with their own assets when it is subject of a proprietary claim. On Jan. 17, the UK High Court released documents concerning a ransomware attack, in which over 1,000 computers of the insurance company were rendered unusable through the use of malware that encrypted files, making them unaccessible. The unidentified attackers demanded $1.2 million in Bitcoin in exchange for decrypting the data. The firm’s insurer covered …
Bitcoin / Jan. 28, 2020
Deadline for Mt. Gox trustee rehabilitation plan extended again
The trustee of the now-defunct Japanese cryptocurrency exchange Mt. Gox has obtained another approval to extend the deadline for submitting a rehabilitation plan. Following a motion by Mt. Gox rehabilitation trustee Nobuaki Kobayashi, the Tokyo District Court issued another order to extend the deadline until Dec. 15, 2020, according to an official announcement posted on the Mt. Gox website on Oct. 15. Similarly to previous statements on deadline extensions, the new announcement specifies that the rehabilitation trustee is still formulating the plan, but “there are matters that require closer examination,” so it “has become necessary to extend the submission deadline.” …
Bitcoin / Oct. 15, 2020
Japanese Judge Upholds Charges Against Mt Gox’s Mark Karpeles
A Japanese judge ruled in support of data tampering charges moved against Mark Karpeles — the CEO of now-defunct crypto exchange, Mt. Gox. At the end of March, Karpeles appealed his conviction on charges of having tampered with financial record data to harm his clients. Now, local news outlet Nikkei reported on June 11 that Tokyo District Court Judge Mariko Goto decided to uphold the previous ruling. Karpeles sentenced to over 2 years in jail The previous ruling sentenced Karpeles to two and a half years in jail for tampering with Mt. Gox data for February-September 2013 and depositing $33.5 …
Bitcoin / June 11, 2020
Tether Calls Market Manipulation Allegations ‘Reckless and False’
Once again, Tether has ridiculed and dismissed allegations that it used its USDT stablecoin for manipulating Bitcoin’s (BTC) price. In a statement sent to Cointelegraph on Feb. 28, iFinex, the firm behind Tether, states that the claims in the market manipulation lawsuit against the firm are “reckless and false.” The statement reads: “The allegations in the complaint are without merit or legal basis, and exhibit a fundamental lack of understanding of the market structure of cryptocurrencies. Indeed, it is reckless and false to allege that USDT tokens are issued in order to manipulate markets.” Many of the accusations regarding Tether’s …
Regulation / Feb. 28, 2020
Bahamas reportedly asked SBF to mint new coin after FTX collapse
The Bahamas government reportedly worked with former FTX CEO Sam Bankman-Fried to issue a new cryptocurrency controlled by local officials. Following the FTX collapse in November, Bahamas government officials reportedly asked Bankman-Fried to mint new digital assets worth “hundreds of millions of dollars,” lawyers for FTX said in a court filing, Bloomberg reported on Dec. 12. The authorities also reportedly asked the former FTX CEO to transfer the new tokens to the control of island officials. The report also suggests that Bahamas officials tried to help Bankman-Fried regain access to key computer systems of the now-defunct FTX trading platform. According …
Regulation / Dec. 13, 2022