A 21-year old Manhattan resident has been accused of SIM-swapping the mobile number of Robert Ross, a Silicon Valley executive, and managed to steal $1 million.
The accused, Nicholas Truglia, not only targeted Ross’s phone number with SIM-swapping attacks but many others too including 0Chain CEO Saswatu Basu, co-founder, and COO of SMX (Small & Medium Business Exchange) Gabrielle Katsnelson, and hedge funder Myles Danielsen.
According to Ross, he learned about the attack after realizing that something strange was happening in his mobile phone soon after 26th October, when it lost its signals. Later, it became apparent that on that day, his entire life savings was stolen including the amount that he had saved for the education of his two daughters.
SIM-swap attacks are becoming a lot more common these days. Also called Port Out scams, SIM-swap is a method in which scammers trick the customer’s cellphone service operators for giving them the full control of someone else’s mobile phone number. They call the cellphone service company and ask for switching the number to a new device, sometimes temporarily.
This seemingly unlikely feat is accomplished by scammers pretty easily. They just have to prove it to the cellphone operator company that they are the real owner of the number by providing personal details of their target. Until the victim realizes that something is wrong with their mobile, their deed is done. This way, attackers are able to circumvent 2FA security checks and can gain access to high-value accounts.
Reportedly, Truglia used his West 42nd Street apartment in the Bay Area as the central base to track his SIM-swapping scheme targets. It normally happens that when an online account sends the authentication token to another phone number via SMS, cybercriminals are often the sole beneficiaries.
Ross was targeted by Truglia on October 26, US prosecutors stated, and he could successfully carry out SIM-swap to steal $1 million from Ross’s digital banks Gemini and Coinbase accounts ($500,000 from each account). He then converted the money into cryptocurrency before transferring it to his account.
Truglia was tracked down and arrested by detectives from his apartment on 14th November. They also confiscated a hardware wallet from his residence that contained $300,000 worth of cryptocurrency. The rest of the amount hasn’t been traced as yet.
He’s the same guy who was tortured by four of his friends who wanted to access his cryptocurrency accounts.
Truglia is currently under detention and will be extradited to Santa Clara, California, and will be facing 21 felony charges in total regarding theft, fraud, using private data without authorization, and damaging a personal computer.
SIM-swapping has become a serious issue now that everyone has an online account and financial assets are linked so casually with our mobile devices. Mobile phone service providers need to up their game and be alert from fake callers in order to protect their clients.