Crypto SIM Hacker Agrees to Return $22 Million to Investor

Michael Terpin sits with his hands in front of him looking to the right.

Michael Terpin at an investor summit in 2018. That year, Terpin’s crypto account was hit by a SIM card swap hack for almost $24 million, and he spent years target both the hacker and AT&T, the latter for its security vulnerabilities.

A young man who wasn’t even old enough to drive in 2018 managed to withdraw almost $24 million from the account of a major crypto investor. Now, over four years later and thousands likely invested in both an investigation and attorneys’ fees, Michael Terpin can now say he’s got it all back… (presses the earpiece closer ) a recently submitted agreement.

The initial complaint filed in New York’s Southern District Court in 2020, then-18-year-old Ellis Pinsky led a 20-person group that met on the OGUsers forum that attacked people’s crypto wallets using data stolen SIM cards. Pinsky allegedly performed this hack when he was just 15 years old while living with his mother in upstate New York. The only other hacker named in the original complaint was 20-year-old Nick Truglia, who had previously been jailed for a separate crypto theft.

Terpin was a major name in the tech and crypto world, particularly in the late 20s as a co-founder of crypto investment firm BitAngels with early pitching work at Motley Fool and Match. com. At the time, the Terpin phone hack was one of the biggest crypto hacks of its kind. These days, however, $24 million would be a small sum for some of the funds of modern hackers. seem to roll in by attacking crypto exchanges, protocols and cross-chain bridges.

As much as a “SIM-swap” attack might sound like a shitty 90s spy movie that involved numerous hackers wildly typing on their keyboards, the alleged scheme involved this group of young hackers tagging people with large crypto holdings so find out phone and carrier information about their target. They would then use false identity information to trick the carrier, in this case AT&T, into switching control of the brand’s phone SIM card with the one they control. Now able to access the phone, they find the target’s wallet passcode and transfer the crypto assets.

Some tabloids called Pinsky “Baby Al Caponfor his $24 million scam. In a Interview with the Rolling Stones from July, Pinsky recounts how men broke into his home in 2020 looking for the stolen funds he claimed he no longer had. He also said that many of those underpaid employees for carriers like Verizon or AT&T were willing to take bribes to trade SIM cards. This is what Pinsky claimed to have used to perform the Terpin phone hack.

Pinsky’s attorney, listed as Amy Zamir of Nesenoff & Miltenberg, did not immediately respond to Gizmodo’s request for comment.

Terpin’s attorney, listed as Cornelius McCarthy of New York firm Chehebar Deveney & Phillips, did not immediately respond to a request for comment on his client’s behalf. Two years ago, a California judge dismissed Terpin’s suit against AT&T for $200 million in damages. Terpin had alleged that the company was responsible for the hack because he was confident that two-factor authentication would keep his information secure. For its part, the mobile operator argued that its privacy policy does not guarantee full protection.

Of course, new crypto hacks happen every other day, and October proved to be a especially raw time be involved in any type of DeFi project.