AT&T Faces Legal Battle Over Crypto Investor SIM Swap Case

Telecommunications giant AT&T is set to return to court over allegations of failing to protect user information in a case involving a high-profile SIM swap hack.

The legal battle began in 2020 when crypto investor Michael Terpin sued Ellis Pinsky, a teenager accused of stealing $24 million worth of cryptocurrency via a SIM swap that compromised Terpin’s crypto wallet security.

Pinsky, only 15 years old at the time of the theft in 2018, along with an accomplice, bribed an AT&T employee to transfer Terpin’s SIM card information onto a blank card. This enabled them to bypass the two-factor authentication protecting Terpin’s cryptocurrency wallet. The complex legal struggle earned Pinsky the nickname “Baby Al Capone.”

A Ninth Circuit Court of Appeals panel upheld most of the rulings in AT&T’s favor, dismissing several of Terpin’s claims. However, it reinstated the claim under Section 222 of the Federal Communications Act, which requires telecom providers to protect sensitive customer information.

This allows Terpin to continue pursuing $24 million, $14 million in interest, and attorney’s fees, totaling at least $45 million in damages from AT&T.

Terpin had previously sued Pinsky for $71.4 million, though the teenager returned $2 million. Additionally, Terpin sued Pinsky’s accomplice, Nicholas Truglia, for $75.8 million in 2019 and won. Pinsky, who recently graduated from New York University, agreed to testify in Terpin’s case against AT&T.

SIM-swapping is a big concern in the crypto world, especially for those with a lot of valuable assets. This is because people in these circles are more likely to have valuable holdings that hackers want to target.

Numerous online services, including email accounts, digital wallets, and cryptocurrency exchanges, offer users an added layer of security through SMS-based two-factor authentication. These services depend on the SIM card, which functions as a person’s unique identifier. However, relying solely on text-based two-factor authentication is a cybersecurity mistake.

 

Financefeeds.com