Fun

Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit

News Feed - 2019-11-04 11:11:07

Crypto exchange Bittrex is being sued over a SIM swap that netted criminals 100 bitcoin, currently worth nearly $1 million.


The case resembles other recent high-profile heists in which a hacker seizes control of a victim’s cell phone to then loot online crypto accounts: the swap was from cellular carrier AT&T, money was taken from Bittrex, and the hack took control over the victim’s online identity.


The hack against Seattle-based angel investor Gregg Bennett, however, has not been resolved by criminal investigators, as others have before being made public in legal filings.


In this case, Bennett filed suit in Washington state’s King County Superior Court, alleging that Bittrex violated its own published security protocols and ignored industry standards, missing the chance to stop the high-stakes burglary. He also alleged that Bittrex failed to act as the April 15, 2019 hack was in process or respond quickly enough once notified by him directly.


The financial legal examiner for the Washington state regulator handling consumer complaints, the Department of Financial Institutions, concluded that Bittrex did not “take reasonable steps to respond” to Bennett’s notice and “appears” to have violated its own terms of service, in a signed letter dated Aug. 30, 2019 provided to CoinDesk by Bennett.


Though various legal entities were notified of the hack, they have not yet announced any criminal charges in the case, and as such, the whereabouts of Bennett’s bitcoin are unknown. Bittrex’s response


Bittrex declined to comment specifically about the Bennett hack and the court case.


But CEO Bill Shihara, speaking to CoinDesk about other recent SIM hacks, said the exchange has robust security in place to prevent account breaches, including two-factor authentication and email verification when an unknown IP address logs into an account.


These “speed bumps” might result in some user complaints, he said, but “they actually save a lot of accounts from being hacked.”


But given a target’s email may also be breached, it’s best to never trust one’s phone as the last security stop – once it’s taken over, everything could be accessible, he said: “I think this is a problem that requires a lot of solutions and a lot of layers of security. And unfortunately one of the mantras that we use and often publish articles about is that ultimately you can’t trust your phone. You have to be aware that you could lose control of your phone.” AT&T’s role


Bennett told CoinDesk that he suspects his hack was “an inside job,” as he said that his account PIN and even Social Security number on the account were changed, which would imply that someone at the phone company played a role.


However, AT&T is not named in the Bennett suit, while it’s the focus of similar cases filed by Seth Shapiro and Michael Terpin.


While Bennett’s present case only focuses on the security lapses at Bittrex, he said the door remained open; AT&T “will not escape my wrath,” he said.


AT&T spokesman Jim Greer said he could only reiterate his prior responses to the SIM hacks: customers should avoid relying on their cell phones for security.


“Fraudulent SIM swaps are a form of theft committed by sophisticated criminals. We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime,” Greer said. Red flags


Bennett says that Bittrex should have known something odd was afoot.


The hacks were coming from a Florida IP address and from an NT operating system, he said, neither of which he had never before used – both signs, in his mind, that it should be clear that he was not the one accessing the account.


Bennett alleges in the lawsuit that the hackers ultimately drained 100 bitcoin from his account – the maximum daily withdrawal allowed. In fact, he had a series of coins that the hackers dumped at below-market prices, converted into a further 30 bitcoin and made off with.


They even returned the following day for his 35 remaining bitcoin, but by that time, Bennett said he had succeeded in getting Bittrex to shut down the account and the unauthorized withdrawals.


Bennett’s suit alleges Bittrex failed to follow industry security standards in his case.


Beyond the different IP address and operating system, his lawyers asserted that Bittrex should have also imposed a 24-hour withdrawal hold after password changes, which he said other exchanges do.


“What I fault Bittrex for is their inability to see obvious suspicious activity,” Bennett said.


SIM card image via Shutterstock

News Feed

DMEX Integrates xDAI for Cheap Decentralized Perpetual Contracts With up to 100x Leverage and No KYC
DMEX Integrates xDAI for Cheap Decentralized Perpetual Contracts With up to 100x Leverage and No KYC PRESS RELEASE. In response to rising gas prices during the l
Sam Bankman-Fried Disputes FTX US ‘Shortfall’ Claims, Critics Skeptical of Excel Spreadsheet Defense
Sam Bankman-Fried Disputes FTX US "Shortfall" Claims, Critics Skeptical of Excel Spreadsheet Defense Following an update from FTX debtors about the $5.5 billion discovered by admin
Zhiyuan Sun4 hours agoFilecoin storage utilization surpasses 7% in Q2: ReportAlthough utilization rose, protocol and supply revenue declined, as more providers slashed fees to incentivize adoption.839 Total views13 Total
Jesse Coghlan2 hours agoLHV Bank founder has $470M worth of Ethereum, but lost his private keyRain Lõhmus, the founder of LHV Bank told Estonian media last month he’s not made much effort to recover the funds, but is
Gemini to return at least $1.1B to Earn customers in settlement with NYDFS
Brayden Lindrea1 hour agoGemini to return at least $1.1B to Earn customers in settlement with NYDFSGemini said that 97% of the assets should be recoverable within two months and the remaining asset balance within the nex
Ezra Reguerra11 hours agoVitalik Buterin thinks AI may surpass humans, community respondsMembers of the AI and blockchain community have shared their views on the concerns posted by the Ethereum founder; some concur, whi
Coinbase partners with Lightspark for Bitcoin Lightning payments
Brayden Lindrea15 minutes agoCoinbase partners with Lightspark for Bitcoin Lightning paymentsLightspark says the integration on Coinbase will offload more transaction activity away from Bitcoin’s base layer, where fees
Earn 175% APR Through ApeCoin (APE) Staking on LBank Exchange
Earn 175% APR Through ApeCoin (APE) Staking on LBank Exchange press release PRESS RELEASE. INTERNET CITY, DUBAI, Dec 16, 2022 – LBank Exchange, a global digital asset trading plat
Challenging Year for Bitcoin Miners as Fewer BTC Mining Rigs Are Profitable at Current Prices
Challenging Year for Bitcoin Miners as Fewer BTC Mining Rigs Are Profitable at Current Prices Bitcoin miners have had a challenging year as the network’s mining difficulty r
Insurance Company Sued for Refusing to Cover $7.5 Million Bitcoin Ransom Payment
Insurance Company Sued for Refusing to Cover $7.5 Million Bitcoin Ransom Payment A British jeweler has sued its insurance company for refusing to cover a bitcoin ransom payment of
Ana Paula Pereira3 hours agoApple, Goldman Sachs drop plans for trading app: ReportInitial plans called for a 2022 rollout, but economic conditions caused the project to be reportedly shelved last year.872 Total views14
Stablecoin Market Sees Fluctuations With Some Coins Gaining and Others Reducing Supply
Stablecoin Market Sees Fluctuations With Some Coins Gaining and Others Reducing Supply According to statistics, on March 26, the stablecoin economy was valued at $135 billion, with