This article was published on November 4, 2019

SIM-swap victim sues Bittrex over $1M Bitcoin theft, claims inside job at AT&T

Gregg Bennett says hackers 'bamboozled' Bittrex


SIM-swap victim sues Bittrex over $1M Bitcoin theft, claims inside job at AT&T

SIM-swap victim Gregg Bennett is suing cryptocurrency exchange Bittrex over nearly $1 million worth of stolen Bitcoin, CoinDesk reports.

A press release published last week claims that Bittrex violated or ignored its own security standards and industry-standard practices, allowing hackers to steal 100 Bitcoin from the Seattle-based angel investor in April.

Bennett also told reporters he believes AT&T staff were involved in the attack, claiming that his account PIN and social security number had been changed, which apparently indicates an inside job.

“Bittrex was bamboozled by hackers who should have been as visible as thieves wearing masks and carrying guns,” said Bennett. “I am asking for Bittrex to do the right thing by plugging what I see as gaping holes in their approach to security, and to return my coin to me.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Directly following the hack, Bennett claims to have tried to alert Bittrex, but the exchange “failed to heed his warning for nearly two hours, allowing the hackers to continue to drain his account.”

The hackers are even said to have returned the next day to attempt a second withdrawal, which was fortunately blocked by Bittrex.

“As alleged in our complaint, Bittrex ignored a number of red flags warning Bittrex that the person initiating the withdrawal was not Gregg Bennett,” said Bennett’s legal team. “We plan to show in court that Bittrex either ignored or was unaware of standard industry safeguards to prevent hacks just like this.”

Specifically, Bittrex is said to have ignored or failed to recognize dubious account activity, including the hackers’ use of a suspicious IP address, access by a different computer operating system than normal, and failure to follow the allegedly industry-standard practice of placing a 24-hour hold on accounts after a password and two-factor authentication change.

Again, according to Bennett’s press release, the Washington Department of Financial Institutions (the state’s financial watchdog), investigated the theft in August. It reportedly concluded that Bittrex didn’t take reasonable steps to stop Bennett’s cryptocurrency from being stolen.

Bittrex has reportedly declined to comment on the specifics of Bennett’s lawsuit.

This lawsuit joins a slew of SIM-swap lawsuits filed by disgruntled investors. Most notable is Michael Terpin’s $224 million AT&T legal case, which involves New York’s ‘Bitcoin Bandit’ Nicholas Truglia and $80 million worth of stolen cryptocurrency.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with