Over $7.5 million in cryptocurrency were stolen by a 21-year-old student from the U.S. through a SIM-swapping hack. For his crime, he will serve 10 years in prison.
On Monday, The Santa Clara County’s District Attorney’s Office stated that the culprit, Joel Ortiz, had hacked the smartphones of at least 40 people. According to the Attorney Office, Ortiz was a “prolific” SIM swapper, adding that in May 2018 he took $5.2 million “in minutes” from a cryptocurrency investor in Cupertino, California.
Ortiz then proceeded to spend the stolen funds on many lavish expenses, spending $10,000 at Los Angeles clubs, going to a music festival by helicopter and purchasing Gucci luggage and clothing, stated the announcement.
Ortiz was apprehended at the Los Angeles International Airport last year and pleaded no contest (accepting the charges but refusing to plead guilty) to 10 felony theft charges.
Santa Clara County Judge Edward Lee sentenced Ortiz after two hearings on Friday, making Ortiz the first person in the U.S. to be sentenced to jail for stealing cryptocurrency via SIM swapping.
Judge Lee made the following statement:
“These are not Robin Hoods. These are crooks who use a computer instead of a gun. They are not just stealing some ethereal, experimental currency. They are stealing college funds, home mortgages, people’s financial lives.”
REACT (Regional Enforcement Allied Computer Team) Task Force began investigating the case, leading them to confiscate $400,000 from Ortiz after he was in police custody. The remaining funds have either been expended or have been hidden, said the Attorney’s Office.
SIM-swap hacks are carried out by attackers which succeed in copying the victims’ SIM cards in order to get to their online accounts. This method of stealing crypto has become increasingly popular in the last few years.
In November, the Silver Miller law firm submitted arbitration claims against AT&T and T-Mobile on behalf SIM-swap hack victims, saying one of its clients had more than $621,000 worth of cryptocurrency stolen through this method.
“By leaving holes in their security protocols and failing to properly train and monitor their employees, cellphone providers have assisted thieves in remotely taking over the SIM cards in people’s smartphones, accessing financial records and account information of the victims, and emptying the victim’s accounts of cryptocurrency and other valuable assets.” –said the law firm on the matter.