Crypto SIM Hacker Agrees to Pay Back $22 Million to Investor

A young man who was not even old enough to drive back in 2018 managed to yoink nearly $24 million from a major crypto investor’s account. Now, over four years later and thousands likely invested in both an investigation and lawyers fees, Michael Terpin can now claim he has reclaimed all… (presses earpiece closer)… strike that, just $22 million from the the original hack, according to a recently filed agreement.

The original complaint filed in New York Southern District Court back in 2020 named the then-18-year-old Ellis Pinsky of leading a 20-person group that met on the OGUsers’ forum that attacked people’s crypto wallets using stolen SIM card data. Pinsky allegedly performed this hack when he was only 15 years old while living with his mother in upstate New York. The only other hacker named in the original complaint was 20-year-old Nick Truglia, who had been previously jailed on federal charges for a separate crypto theft.

Terpin was a major name in the tech and crypto world, especially back in the late 20-teens as the co-founder of crypto investment firm BitAngels along with early work launching Motley Fool and Match.com. At the time, Terpin’s phone hack was one of the largest crypto hacks of its kind. Nowadays, however, $24 million would be chump change to some of the funds modern crypto hackers seem to be rolling in by attacking crypto exchanges, protocols, and cross-chain bridges.

As much as a “SIM-swap” attack might sound like the stuff of a shitty ‘90s spy film that involved a lot of hackers tapping wildly on their keyboards, the scheme alleged involved this group of young hackers marking people with large crypto holdings then finding out the phone and carrier information on their target. They would then use forged identity information to get the carrier, in this case AT&T, to switch over control of the mark’s phone SIM card with one they control. Now able to access the phone, they find the target’s wallet passcode and transfer out the crypto holdings.

Some tabloids have called Pinsky “Baby Al Capone” for his $24 million scam. In a Rolling Stone interview from July, Pinsky relates how men once broke into his home in 2020 looking for the stolen funds that he claimed he no longer had. He also said that many of these underpaid employees for carriers like Verizon or AT&T were willing to take bribes to perform SIM swaps. This is what Pinsky claimed he used to perform the Terpin phone hack.

Pinsky’s attorney, listed as Amy Zamir of Nesenoff & Miltenberg, did not immediately respond to Gizmodo’s request for comment.

Terpin’s attorney, listed as Cornelius McCarthy of the New York-based firm Chehebar Deveney & Phillips, did not immediately respond to a request for comment on behalf of his client. Two years ago, a California judge threw out Terpin’s claim against AT&T for $200 million in damages. Terpin had alleged the company was responsible for the hack because he was assured two-factor authentication would keep his information secure. For their part, the mobile carrier argued its privacy policy doesn’t guarantee total protection.

Of course, there are new crypto hacks happening every other day, and October has proved an especially raw time to be involved in any kind of DeFi project.