U.S Telecom giant T-Mobile is being sued by a client who has been attacked in a SIM swapping incident, following in the theft of 15 BTC or $450,000.
The lawsuit has been filed on Feb. 8 in the Southern District of New York by plaintiff Calvin Cheng. The plaintiff’s attorneys allege that T-Mobile’s neglect to preserve customers’ sensitive data notwithstanding frequent SIM attacks is indicted for the theft.
Numerous of Iterative’s Exchange Accounts Compromised by Sim Swappers
In May 2020, a SIM-swapping attack was carried out against a T-Mobile client, also the co-founder of crypto-focused investment fund Iterative Capital, Brandon Buchanan.
The plaintiff received a message via Telegram, believing it was from Buchanan offering him an above market value rate for 15 BTC in May 2020. The hackers purportedly impersonated Buchanan on a Telegram chat with Cheng, urging him whether he wanted to sell Bitcoin for an Iterative client at an attractive premium.
Beforehand, Cheng had successfully conducted various transactions with Iterative Capital, Buchanan, and others for trading Bitcoin in the months before the incident via Telegram.
Considering the chat was from Buchanan, Cheng allowed to transfer the Bitcoin to a cryptocurrency wallet, assuming Buchanan or Iterative Capital controlled it. A few days later, Buchanan reached out to Iterative Capital’s exchange clients, notifying them that SIM-swappers had compromised several of their accounts. The sim swappers faked assumed his identity and used it to initiate trades on Iterative Capital’s behalf.
FBI Investigating the T-Mobile Incident
The rest of the complaint reveals that the FBI is investigating the incident and identifying the perpetrators. According to the complaint, T-Mobile violated federal laws and was negligent in its hiring and training of customer service personnel.
A SIM-swap attack involves the theft of a victim’s cell phone number. The cell phone number can then hijack the victim’s online financial and social media accounts by intercepting automated messages or phone calls used for two-factor authentication security measures.
Can Telecom Companies Avoid Such Attacks?
The lawsuit argued that the SIM-swap is a popular way of getting access to the victims’ phones, yet T-Mobile did not instate any security to prevent such attacks.
“Unlike a direct hack of data where a company like T-Mobile plays a more passive role, SIM-swaps are ultimately actualized by the wireless carrier itself. It is T-Mobile, in this case, that effectuates the SIM card change,” the lawsuit added.
Previously, another major American TELECOM services provider, AT&T, was dragged to court multiple times for facilitating such SIM-swap attacks. Though the court dropped theft charges against the carrier, it is still on the trial for the $24 million damages.
Moreover, authorities all over the globe caught several perpetrators for pulling out SIM-swap attacks. Most recently, Europol assisted the arrest of 10 men in connection with a huge $100 million crypto theft racket that targeted US celebrities.
To get the latest Cryptocurrency, Blockchain, and Crypto-mining news, please join our Telegram Channel