A bitcoin investor has sued telecommunications giant AT&T for $224 million after losing millions of dollars worth of cryptocurrency in a theft that he says is the cellular service provider’s fault.
According to CNBC, California resident Michael Terpin has filed a 69-page complaint against AT&T in U.S. District Court in Los Angeles, in which he alleges that he lost $24 million worth of cryptocurrency after the cellular service provider negligently allowed a hacker to obtain unauthorized access to his cell phone account.
Terpin, who in 2013 co-founded an angel investment group called BitAngels and was also a founding partner of the Dapps Venture Fund, claims that an individual working with the hacker impersonated him and convinced an AT&T store employee to give them access to Terpin’s phone number without requiring him to show valid identification or provide the PIN code to Terpin’s account.
In addition to the $24 million he lost in the two thefts, Terpin is seeking $200 million in punitive damages from AT&T, which is the world's largest telecommunications provider and the second-largest mobile services provider.
AT&T said that it disputes the allegations and “look forward to presenting our case in court.”
In any case, the incident presents another reminder of the dangers of SMS-based two-factor authentication (2FA), which -- though generally safer than not using 2FA at all -- still places users at risk of SIM-card jacking attacks, in which an attacker tricks a mobile provider into transferring the victim's mobile account to a hacker-controlled phone.
When available, security experts advise that users secure their online accounts using app- and security key-based 2FA, though unfortunately many websites do not support them. Cryptocurrency investors should also consider securing their long-term holdings in offline "cold storage" wallets, which prevent hackers from obtaining access to the private keys over the internet.
Featured Image from Shutterstock