Home / Archive / Bitcoin Investor Sues AT&T for $224 Million after Mobile-Linked Theft

Bitcoin Investor Sues AT&T for $224 Million after Mobile-Linked Theft

Last Updated March 4, 2021 3:55 PM
Josiah Wilmoth
Last Updated March 4, 2021 3:55 PM

A bitcoin investor has sued telecommunications giant AT&T for $224 million after losing millions of dollars worth of cryptocurrency in a theft that he says is the cellular service provider’s fault.

According to CNBC , California resident Michael Terpin has filed a 69-page complaint against AT&T in U.S. District Court in Los Angeles, in which he alleges that he lost $24 million worth of cryptocurrency after the cellular service provider negligently allowed a hacker to obtain unauthorized access to his cell phone account.

Terpin, who in 2013 co-founded an angel investment group called BitAngels and was also a founding partner of the Dapps Venture Fund, claims that an individual working with the hacker impersonated him and convinced an AT&T store employee to give them access to Terpin’s phone number without requiring him to show valid identification or provide the PIN code to Terpin’s account.

“AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy,” he said in the complaint. “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”

In addition to the $24 million he lost in the two thefts, Terpin is seeking $200 million in punitive damages from AT&T, which is the world’s largest telecommunications provider and the second-largest mobile services provider.

AT&T said that it disputes the allegations and “look forward to presenting our case in court.”

In any case, the incident presents another reminder of the dangers of SMS-based two-factor authentication (2FA), which — though generally safer than not using 2FA at all  — still places users at risk of SIM-card jacking attacks, in which an attacker tricks a mobile provider into transferring the victim’s mobile account to a hacker-controlled phone.

When available, security experts advise that users secure their online accounts using app- and security key-based 2FA, though unfortunately many websites do not support them. Cryptocurrency investors should also consider securing their long-term holdings in offline “cold storage” wallets, which prevent hackers from obtaining access to the private keys over the internet.

Featured Image from Shutterstock