One unnamed cryptocurrency entrepreneur claims to have had $1.5 million in cryptocurrencies stolen while attending the Consensus blockchain conference in May 2018.
According to reports by Motherboard, a 20-year-old college student named Joel Ortiz allegedly worked with associates to steal cryptocurrency valued at $5 million from around 40 victims. Ortiz was arrested on July 12, 2018, by Californian police, under suspicion of hacking cell phones and stealing the cryptocurrency using a technique known as SIM swapping or SIM hijacking.
Ortiz faces 13 charges of identity theft, 13 counts of hacking, and two charges of grand theft. On top of stealing cryptocurrency, Ortiz and his associates are suspected of commandeering social media accounts with the intention to sell them for bitcoin on the internet.
The Californian case investigators who helped lead to Ortiz's arrest are part of the cybercrime-focused Regional Enforcement Allied Computer Team. They tracked Ortiz through call records from AT&T and associated email addresses. Investigators also identified the cryptocurrency exchanges used by Ortiz, including Coinbase, Bittrex, and Binance, and served them with warrants for information.
The cybercrime team began investigating Ortiz after another unnamed cryptocurrency investor reported that hackers stole his cell phone number. Apparently, Ortiz and his associates targeted the entrepreneur between February and March of 2018. Ortiz managed to hijack the victim's phone number twice, reset his passwords to Gmail and cryptocurrency wallets, and even added two-factor Google authentication to lock the victim out of his own accounts.
Investigators have so far only recovered $250,000 of the stolen cryptocurrency.
The Santa Clara County deputy district attorney Erin West was keen to hear from other victims of SIM hijacking. She told Motherboard, "We think that this is something that's underreported and very dangerous."
SIM hijacking usually involves tricking a mobile phone service provider, like AT&T or T-Mobile, into moving the victim's phone number to a new SIM in the hands of the criminal. Hackers like Ortiz convince service providers they are the phone owner and the phone has been stolen.
Through obtaining phone access, hackers can also bypass two-factor authentication methods. The victim's phone number is used to reset passwords and quickly access their online accounts.
SIM swapping (also known as a "port out scam") is becoming an increasingly common method for hackers to access cryptocurrency exchange accounts, wallets, and high-profile social media accounts.
Many US cell phone providers are adding additional password and PIN security to users' accounts. Anyone concerned is advised to call their provider to set up this supplemental security sooner rather than later and investigate other methods of securing phone numbers and valuable accounts.