The appeals court reinstated the $24M crypto hack claim of an AT&T customer under the Federal Communications Act following a SIM exchange hack.
A panel of the Ninth Circuit Court of Appeals has reinstated a major claim in the lawsuits initiated by cryptocurrency investor Michael Terpin against AT&T. Terpin alleges that AT&T allowed hackers to compromise his phone, resulting in the loss of $24 million in cryptocurrency.
This decision reinstates some of the lawsuits previously dismissed by the court and enables Terpin to pursue his claims under the Federal Communications Act (FCA).
Federal Appeals Court Reinstates AT&T $24M Crypto Hack Lawsuit
A Bloomberg report indicates that the allegations against AT&T have been refined. Nevertheless, the appellate panel reversed the dismissal of most of the fraud and negligence claims and only reinstated Michael Terpin’s Section 222 of the FCA claim. This provision regulates telecommunications carriers to safeguard customer proprietary network information.
Terpin had presented a triable issue of fact that, but for AT&T’s failure to safeguard his account during the SIM exchange, he would not have been vulnerable to hackers who subsequently stole his cryptocurrency, according to the court.
The panel decided that the hackers could obtain Terpin’s phone number through the fraudulent SIM swap, which granted them access to his confidential information. This access enabled the hacker to alter passwords and steal $24 million of cryptocurrency from Terpin’s wallets.
Specifics of the 2018 SIM Swap Attack
The alleged hack occurred in January 2018, and Terpin’s lawsuit alleges that a group of hackers, led by Ellis Pinsky, who was 15 years old at the time, paid an AT&T staff member to transfer Terpin’s phone number to a SIM card possessed by the hackers. The hackers could circumvent the protection even though new measures were implemented in 2017 in response to the previous intrusion, which involved a six-digit passcode.
After obtaining his phone number, the hackers altered Michael Terpin’s account credentials and transferred $24 million in cryptocurrencies to himself. Pinsky, on the other hand, returned his portion of the stolen money. However, a Los Angeles court ordered another hacker, Nicholas Truglia, to pay Terpin $75.8 million in damages.
Simultaneously, in July, AT&T encountered an incident in which hackers allegedly took customers’ information, including call records and text messages. AT&T subsequently consented to pay the hackers $400,000 in Bitcoin to delete the data, as the reports indicated. Although AT&T has not officially acknowledged or denied this payment, data from blockchain sources such as Chainalysis suggests that funds were transferred in connection with the ransoms, as mentioned earlier.
After reinstatement, what is the next step?
The reinstatement of Terpin’s claim under the FCA enables his litigation to proceed to trial, where he is seeking $24 million in damages, prejudgment interest, and attorney’s fees. Pierce O’Donnell, Terpin’s attorney, stated that the appeal court’s decision was advantageous for consumers and could be replicated by other courts, allowing consumers to pursue lawsuits against telecommunications companies for SIM transfer fraud.
AT&T has apologized to the cryptocurrency investor for the theft of his assets; however, the telecommunications company has acknowledged that the court dismissed most of the allegations against it. The organization remains confident in its ability to refute the remaining allegations concerning FCA.
As the quantity of cryptocurrency-related hacking incidents continues to rise, it has attracted the attention of blockchain experts such as ZachXBT, who recently exposed another significant fraud in the United Kingdom. During his investigation, ZachXBT discovered that over 250 users were defrauded and lost $650,000 due to the use of phony Bybit demo accounts.
