Bitcoin Investor Sues AT&T for $224 Million after Mobile-Linked Theft

A bitcoin investor has sued telecommunications giant AT&T for $224 million after losing millions of dollars worth of cryptocurrency in a theft that he says is the cellular service provider’s fault.

According to CNBC, California resident Michael Terpin has filed a 69-page complaint against AT&T in U.S. District Court in Los Angeles, in which he alleges that he lost $24 million worth of cryptocurrency after the cellular service provider negligently allowed a hacker to obtain unauthorized access to his cell phone account.

Terpin, who in 2013 co-founded an angel investment group called BitAngels and was also a founding partner of the Dapps Venture Fund, claims that an individual working with the hacker impersonated him and convinced an AT&T store employee to give them access to Terpin’s phone number without requiring him to show valid identification or provide the PIN code to Terpin’s account.

“AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy,” he said in the complaint. “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”

In addition to the $24 million he lost in the two thefts, Terpin is seeking $200 million in punitive damages from AT&T, which is the world’s largest telecommunications provider and the second-largest mobile services provider.

AT&T said that it disputes the allegations and “look forward to presenting our case in court.”

In any case, the incident presents another reminder of the dangers of SMS-based two-factor authentication (2FA), which — though generally safer than not using 2FA at all — still places users at risk of SIM-card jacking attacks, in which an attacker tricks a mobile provider into transferring the victim’s mobile account to a hacker-controlled phone.

When available, security experts advise that users secure their online accounts using app- and security key-based 2FA, though unfortunately many websites do not support them. Cryptocurrency investors should also consider securing their long-term holdings in offline “cold storage” wallets, which prevent hackers from obtaining access to the private keys over the internet.

Featured Image from Shutterstock

Last modified: March 4, 2021 3:55 PM

Josiah Wilmoth

Josiah is the former U.S. Editor at, where he focused on financial markets. He lives in rural Virginia. Connect with him on LinkedIn or email him directly at josiah.wilmoth(at)