One early crypto investor’s hopes to see a major telecom provider pay up for a 2017 crypto heist have been all but dashed. Unsealed court documents filed last Thursday, the U.S. District Court for the Central District of California shared that AT&T wasn’t liable to any damages due to the 2017 SIM swap hack that stole $24 million from early crypto investor Michael Terpin.
In 2018, Terpin sued AT&T for $224 million, alleging the hacks could not have gone off without an inside man at the company who provided access to his phone. He claimed in the original complaint that although he had enabled two-factor authentication, AT&T was acting “like a hotel giving a thief with a fake ID a room key and a key to the room safe.” At the time, the telecommunications giant disputed the allegations.
Judge Otis Wright II had previously thrown out the $200 million damages claim against the telecom giant on the grounds that the telecom company’s privacy policies didn’t guarantee protection from third party hacks. The judge then allowed him to file for punitive damages, which this latest motion for summary finally quashed. Terpin was hoping to take AT&T to court in May.
You see, this case goes back before the days when multi-million dollar crypto hacks were nowhere near the norm, and a paltry $24 million was enough to make major headlines. In 2018, the then 18-year-old Ellis Pinsky came out as the mastermind behind the hack. Some tabloids started calling him the “Baby Al Capone” for his leading role in the SIM swap attack. Pinsky was only 15 when he carried out the attack leading a 20-person group making around $100 million in crypto from SIM swaps and other hacks. Last December, a New York federal judge sentenced one of Pinsky’s few named accomplices, Nicholas Truglia, to 18 months in prison over the SIM swap scheme.
Last year, Pinsky agreed to pay Terpin $22 million back to the early bitcoin investor. As part of that agreement, Pinsky was supposed to cooperate with Terpin’s ongoing litigation against AT&T.
SIM swap attacks involve hackers using some public and private information found online, such as their phone and internet carrier, then using that forged info to switch control of the mark’s SIM card to one they control. Hackers then use that access to dig into the target’s private information, and in this case, find the passcode to his crypto wallet. Pinsky had previously said that there were many low-level workers at these telecom companies willing to take bribes to access users’ phones.
Terpin is a longtime fintech investor and founder, having previously helped create crypto investor network BitAngels as well as Motley Fool and Match.com. In an email statement sent to Gizmodo, Terpin said he was “shocked and baffled” by the ruling and that he intended to appeal. He added that the court’s opinion ignores “a mountain of evidence that AT&T was grossly negligent and consciously disregarded its legal duties to protect its customers from this type of cybercrime.”
A spokesperson for AT&T told Gizmodo in an email “As we’ve maintained, fraudulent SIM swaps are a form of theft committed by sophisticated criminals. It is unfortunate that these criminals targeted Mr. Terpin, but we are pleased the court agrees that we were not responsible for Mr. Terpin’s losses.”