People walk past an AT&T store in New York on October 23, 2016.
Kena Betancur | AFP |Getty Images
A multi-million-dollar case involving stolen cryptocurrency filed against AT&T is moving forward.
A federal judge in Los Angeles, California rejected the telecommunications giant’s request to dismiss a suit filed by Michael Terpin last year for enabling the theft of $24 million worth of cryptocurrency. Terpin is seeking $200 million in punitive damages and $24 million of compensatory damages from AT&T.
“The evidence will show that AT&T not once, but twice allowed hackers posing as Michael to obtain his SIM card,” Terpin’s lead counsel Pierce O’Donnell, a partner with Greenberg Glusker Fields Claman & Machtinger in Los Angeles, said in a press release.
In a 69-page complaint filed in U.S. District Court in Los Angeles last summer, the crypto entrepreneur claimed that because of “AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy,” nearly $24 million worth of digital currency was lifted from his account. Terpin co-founded an angel group for bitcoin investors called BitAngels in 2013 and a digital currency fund, BitAngels/Dapps Fund.
“We dispute these allegations and look forward to presenting our case in court,” AT&T told CNBC in a statement.
The suit brought attention to a hacking method known as “SIM swapping, ” where criminals steal phone numbers and to log into people’s cryptocurrency accounts, then transfer money to themselves. Those instances and other high-profile hacks on exchanges caused deep sell-offs in bitcoin and other cryptocurrencies last year. Bitcoin was trading near $9,982 on Tuesday, and has roughly tripled in value since the beginning of this year. It became a household name in December 2017, when it reached a high of nearly $20,000 but has yet to recover to that level since.
Terpin said he was the victim of two hacks within seven months. At the time, he was using AT&T as his service provider and said cryptocurrency was taken through a “digital identity theft” of his account. He alleged that an impostor was able to get his phone number from an “insider cooperating with the hacker” without the AT&T store employee requiring him to show valid identification or provide a required password. That number was later used to access Terpin’s cryptocurrency accounts, according to the complaint.
“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint alleged.
Hacks are not unusual in the fledgling space. The all-time total in cryptocurrency lost by individuals hit $1.5 billion at the end of last year, according to CoinDesk’s State of Blockchain Report.
In order to safeguard their money, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers. Many crypto investors opt to keep their funds in what’s known as “cold storage.” The method allows you to store digital currency offline, away from any internet access, making it harder to hack.