Fun

Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit

News Feed - 2019-11-04 11:11:07

Crypto exchange Bittrex is being sued over a SIM swap that netted criminals 100 bitcoin, currently worth nearly $1 million.


The case resembles other recent high-profile heists in which a hacker seizes control of a victim’s cell phone to then loot online crypto accounts: the swap was from cellular carrier AT&T, money was taken from Bittrex, and the hack took control over the victim’s online identity.


The hack against Seattle-based angel investor Gregg Bennett, however, has not been resolved by criminal investigators, as others have before being made public in legal filings.


In this case, Bennett filed suit in Washington state’s King County Superior Court, alleging that Bittrex violated its own published security protocols and ignored industry standards, missing the chance to stop the high-stakes burglary. He also alleged that Bittrex failed to act as the April 15, 2019 hack was in process or respond quickly enough once notified by him directly.


The financial legal examiner for the Washington state regulator handling consumer complaints, the Department of Financial Institutions, concluded that Bittrex did not “take reasonable steps to respond” to Bennett’s notice and “appears” to have violated its own terms of service, in a signed letter dated Aug. 30, 2019 provided to CoinDesk by Bennett.


Though various legal entities were notified of the hack, they have not yet announced any criminal charges in the case, and as such, the whereabouts of Bennett’s bitcoin are unknown. Bittrex’s response


Bittrex declined to comment specifically about the Bennett hack and the court case.


But CEO Bill Shihara, speaking to CoinDesk about other recent SIM hacks, said the exchange has robust security in place to prevent account breaches, including two-factor authentication and email verification when an unknown IP address logs into an account.


These “speed bumps” might result in some user complaints, he said, but “they actually save a lot of accounts from being hacked.”


But given a target’s email may also be breached, it’s best to never trust one’s phone as the last security stop – once it’s taken over, everything could be accessible, he said: “I think this is a problem that requires a lot of solutions and a lot of layers of security. And unfortunately one of the mantras that we use and often publish articles about is that ultimately you can’t trust your phone. You have to be aware that you could lose control of your phone.” AT&T’s role


Bennett told CoinDesk that he suspects his hack was “an inside job,” as he said that his account PIN and even Social Security number on the account were changed, which would imply that someone at the phone company played a role.


However, AT&T is not named in the Bennett suit, while it’s the focus of similar cases filed by Seth Shapiro and Michael Terpin.


While Bennett’s present case only focuses on the security lapses at Bittrex, he said the door remained open; AT&T “will not escape my wrath,” he said.


AT&T spokesman Jim Greer said he could only reiterate his prior responses to the SIM hacks: customers should avoid relying on their cell phones for security.


“Fraudulent SIM swaps are a form of theft committed by sophisticated criminals. We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime,” Greer said. Red flags


Bennett says that Bittrex should have known something odd was afoot.


The hacks were coming from a Florida IP address and from an NT operating system, he said, neither of which he had never before used – both signs, in his mind, that it should be clear that he was not the one accessing the account.


Bennett alleges in the lawsuit that the hackers ultimately drained 100 bitcoin from his account – the maximum daily withdrawal allowed. In fact, he had a series of coins that the hackers dumped at below-market prices, converted into a further 30 bitcoin and made off with.


They even returned the following day for his 35 remaining bitcoin, but by that time, Bennett said he had succeeded in getting Bittrex to shut down the account and the unauthorized withdrawals.


Bennett’s suit alleges Bittrex failed to follow industry security standards in his case.


Beyond the different IP address and operating system, his lawyers asserted that Bittrex should have also imposed a 24-hour withdrawal hold after password changes, which he said other exchanges do.


“What I fault Bittrex for is their inability to see obvious suspicious activity,” Bennett said.


SIM card image via Shutterstock

News Feed
Tristan Greene5 hours agoVisa launches global AI advisory practice focused on generative systemsVisa’s new artificial intelligence advisory practice will leverage more than 1,000 analysts and consultants around the glo
2023-11-09 03:00 AM
Australian crypto firm Finder’s Earn product was complaint, court finds
Jesse Coghlan3 hours agoAustralian crypto firm Finder’s Earn product was complaint, court findsThe court dismissed the corporate regulator’s legal action, saying Finder Earn wasn’t a debt security and didn’t requ
2024-03-14 14:32 PM
Here’s How to Order Food From Your Home Using Cryptocurrency
Here’s How to Order Food From Your Home Using Cryptocurrency Staying home during the coronavirus epidemic reduces the risk of getting infected with the deadly covid-19. The dis
2020-03-26 16:20 PM
Algorand Looks to Prove Why Algoracle Is Needed in the Contemporary Blockchain and Crypto Sector
Algorand Looks to Prove Why Algoracle Is Needed in the Contemporary Blockchain and Crypto Sector press release PRESS RELEASE.As the complexity of current dApps (decentralized applic
2022-04-14 20:00 PM
The Fed Will Keep Focusing on Crypto — Fed Governor Says ‘We Do Not Want to Hinder Innovation’
The Fed Will Keep Focusing on Crypto — Fed Governor Says "We Do Not Want to Hinder Innovation" Federal Reserve Governor Michelle Bowman says while “cryptocurrency activitie
2023-01-12 12:00 PM
Helen Partz14 hours agoTerra.money website frozen to prevent more phishing scamsThe freeze comes shortly after Terra’s website was compromised over the weekend by hackers who attempted to scam users via phishing attack
2023-08-22 18:05 PM
Major Crypto ATM Operator Coin Cloud Files for Bankruptcy
Major Crypto ATM Operator Coin Cloud Files for Bankruptcy One of the largest cryptocurrency ATM operators, Coin Cloud, which claims to operate more than 5,000 crypto ATMs, has file
2023-02-10 04:00 AM
Tom Blackstone5 hours agoNewly discovered Bitcoin wallet loophole let hackers steal $900K — SlowMistA series of attacks drained the wallets of BTC users by exploiting a faulty random seed generation algorithm.2038 Tota
2023-08-11 03:30 AM
Popular Radio Presenter Suspended for Alleged Ties to Bitcoin Scam
Popular Radio Presenter Suspended for Alleged Ties to Bitcoin Scam South Africa’s national broadcaster has suspended one of its employees that is accused of convincing unsus
2022-05-24 06:30 AM
Bitcoin Spot Is King – STH Selling Pressure Expected To Be Absorbed By ETFs
Este artículo también está disponible en español. Bitcoin has experienced a whirlwind of volatility following its recent all-time high of $93,483 set on Wednesday. Over t
2024-11-16 01:30 AM
Joe Hall9 hours agoHeating a home with a Bitcoin miner: Staying warm with satsThe heat generated from Bitcoin mining could make mining at home more accessible, affordable and environmentally friendly.5446 Total views3 To
2023-07-05 23:01 PM
Brave Browser to Integrate Solana Support
Brave Browser to Integrate Solana Support Brave, the company behind the Brave browser, has partnered with Solana to provide support for the blockchain directly from its browser. Ac
2021-11-10 19:00 PM