Michael Terpin is a California resident who is the co-founder of angel investing group BitAngels and BitAngels/Dapps Fund.
He files a $224 million lawsuit against his cell phone service provider AT&T.
He is seeking $200 million in punitive damages and also $24 million of compensatory damages for negligence.
Terpin alleges that AT&T cooperated with hackers and failed to adhere to its security procedures and this resulted in the loss of $23.8 million in crypto.
His complaint was filed in the US District Court in LA.
Hackers used SIM swapping
The hackers seem to have used a technique called SIM swapping. This involves tricking a cellphone provider such as AT&T by impersonating the victim and requesting a new SIM card.
After the scammers transfer the target’s phone number to a brand new SIM card, they will be able to take control of all the mobile accounts. Including the following: email accounts, bank accounts, crypto accounts, and entertainment accounts such as Spotify, Hulu, and Netflix.
According to the complaint, “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”
The complaint reads: “AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective.”
Terpin’s account was compromised twice during seven months
Terpin claimed that his account was compromised twice during a period of seven months.
According to the complaint, an AT&T in-store employee allegedly cooperated with the hacker and failed to obtain valid identification or to provide a required password before initiating the SIM card swap.
“AT&T violated Section 222 of the FCA and the CPNI Rules and ignored the warning in the Pretexting Order on January 7, 2018 when its employees provided hackers with Mr. Terpin’s SIM cards containing or allowing access to Mr. Terpin’s personal information, including CPI and CPNI, without Mr. Terpin’s authorization or permission, and without requiring that the individual accessing Mr. Terpin’s account present valid identification or comply with AT&T’s own procedures.”
AT&T told CNBC that they dispute all allegations and cannot wait to present their case in court.