Nicholas Truglia, a 21-years-old man from New York, has been accused of stealing $1 million from Silicon Valley executive via SIM swap. He gained access to his phone number and used it impersonate the executive and steal $500,000 from two accounts he had at Coinbase and Gemini.
The hack and consequent cyber heist occurred on October 26 and Truglia was arrested on November 14.
The man is suspected to have scammed more than six executives in the Bay Area.
“San Francisco resident Robert Ross, a father of two, noticed his phone suddenly lose its signal on Oct. 26. Confused, he went to a nearby Apple store and later contacted his service provider, AT&T. But he wasn’t quick enough to stop a hacker from draining $500,000 from two separate accounts he had at Coinbase and Gemini, according to Santa Clara officials.” reads a CNBC report.
“Nicholas Truglia, 21, lifted the $1 million from Ross’ two cryptocurrency accounts, according to a felony complaint filed this month in California state court. “
The man has been charged with a total of 21 crimes, including identity theft, fraud, embezzlement, and attempted grand theft. although his attempts to rob them ultimately failed.
Police raided the Truglia’s house under a warrant and able to recover $300,000 worth of cryptocurrency from his hardware wallet. At the time, there is no news about the remaining amount of money stolen by the man.
“It’s a whole new wave of crime,” said Erin West, the deputy district attorney of Santa Clara County. “It’s a new way of stealing of money: They target people that they believe to have cryptocurrency,” she told CNBC.
A SIM swap fraud is a type of fraud that overwhelms the additional security measures introduced by banks to protect customer transactions. Basically, cyber criminals are able to transfer cash from a victim’s account by accessing one-time pin codes and SMS notifications.
Attacker impersonates the victim to request the mobile provider’s tech support staff into reassigning the victim’s phone number to a SIM card owned by the crook. The procedure needs the attacker will answer a few security questions to verify the victim’s identity. Typically the attacker gathers the information to respond the questions through social engineering or through OSINT activities.
According to the court documents, Truglia also targeted Saswata Basu, the CEO of blockchain storage service 0Chain; Myles Danielson, a hedge-fund executive, and Gabrielle Katsnelson, co-founder of start-up SMBX.
(Security Affairs – SIM swap, hacking)