Authorities have arrested two men and charged them with plotting to steal half a million dollars worth of cryptocurrency via SIM-swapping.
Eric Meiggs, 21, of Brockton, Massachusetts, and Declan Harrington, 20, of Rockport, Massachusetts, were charged in an 11-count indictment, facing allegations of one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse, and one count of aggravated identity theft.
Meiggs and Harrington allegedly targeted executives of cryptocurrency businesses and others who held significantly large amounts of cryptocurrency and those who had high-value social media account names, the indictment says.
Both men allegedly conspired to hack into, and take over, the online accounts of at least 10 identified victims around the country. In total, police say they sought to steal more than $550,000 in cryptocurrency.
SIM swapping is a popular technique among criminals. The technique enables criminals to convince a victim’s cell phone carrier to reassign their phone number from the SIM card inside the victim’s device to the SIM card inside a phone controlled by the hacker.
The criminal then poses as the victim with an online account provider and asks them to send account password-reset links or an authentication code to the compromised device, thus allowing the criminal to reset the victim’s credentials and hack into their account.
Back in May, Hard Fork reported on how a member of a hacking group called “The Community,” was facing upwards of 100 years behind bars after allegedly swindling over $2 million worth of cryptocurrencies in a series of SIM-swap attacks.
In October, AT&T said it would dispute allegations that it was negligent after allegedly contributing to $1.7 million in lost cryptocurrency in an elaborate SIM-swap incident.
Earlier this month, SIM-swap victim Gregg Bennett said he was suing cryptocurrency exchange Bittrex over almost $1 million worth of stolen Bitcoin.
These kind of attacks are likely to go away any time soon, but there are plenty things consumers can do to keep safe as per the Federal Trade Commission’s advice: don’t reply to calls, emails, or text messages requesting personal information; limit the personal information you share online; set up a PIN or password on your phone; and consider using stronger authentication on accounts with sensitive personal or financial information.
And, if you suspect you’re a victim of SIM swapping, contact your provider and check your account statements.
Published November 15, 2019 — 11:00 UTC