
Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit

News Feed - 2019-11-04 11:11:07

Crypto exchange Bittrex is being sued over a SIM swap that netted criminals 100 bitcoin, currently worth nearly $1 million.


The case resembles other recent high-profile heists in which a hacker seizes control of a victim’s cell phone to then loot online crypto accounts: the swap was from cellular carrier AT&T, money was taken from Bittrex, and the hack took control over the victim’s online identity.


The hack against Seattle-based angel investor Gregg Bennett, however, has not been resolved by criminal investigators, as others had been before they were made public in legal filings.


In this case, Bennett filed suit in Washington state’s King County Superior Court, alleging that Bittrex violated its own published security protocols and ignored industry standards, missing the chance to stop the high-stakes burglary. He also alleged that Bittrex failed to act as the April 15, 2019 hack was in process or respond quickly enough once notified by him directly.


The financial legal examiner for the Washington state regulator handling consumer complaints, the Department of Financial Institutions, concluded that Bittrex did not “take reasonable steps to respond” to Bennett’s notice and “appears” to have violated its own terms of service, in a signed letter dated Aug. 30, 2019 provided to CoinDesk by Bennett.


Though various legal entities were notified of the hack, they have not yet announced any criminal charges in the case, and as such, the whereabouts of Bennett’s bitcoin are unknown.

Bittrex’s response


Bittrex declined to comment specifically about the Bennett hack and the court case.


But CEO Bill Shihara, speaking to CoinDesk about other recent SIM hacks, said the exchange has robust security in place to prevent account breaches, including two-factor authentication and email verification when an unknown IP address logs into an account.


These “speed bumps” might result in some user complaints, he said, but “they actually save a lot of accounts from being hacked.”


But given a target’s email may also be breached, it’s best to never trust one’s phone as the last security stop – once it’s taken over, everything could be accessible, he said: “I think this is a problem that requires a lot of solutions and a lot of layers of security. And unfortunately one of the mantras that we use and often publish articles about is that ultimately you can’t trust your phone. You have to be aware that you could lose control of your phone.”

AT&T’s role


Bennett told CoinDesk that he suspects his hack was “an inside job,” as he said that his account PIN and even Social Security number on the account were changed, which would imply that someone at the phone company played a role.


However, AT&T is not named in the Bennett suit, while it’s the focus of similar cases filed by Seth Shapiro and Michael Terpin.


While Bennett’s present case only focuses on the security lapses at Bittrex, he said the door remained open; AT&T “will not escape my wrath,” he said.


AT&T spokesman Jim Greer said he could only reiterate his prior responses to the SIM hacks: customers should avoid relying on their cell phones for security.


“Fraudulent SIM swaps are a form of theft committed by sophisticated criminals. We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime,” Greer said.

Red flags


Bennett says that Bittrex should have known something odd was afoot.


The hacks were coming from a Florida IP address and from an NT operating system, he said, neither of which he had ever used before – both signs, in his mind, that it should have been clear that he was not the one accessing the account.


Bennett alleges in the lawsuit that the hackers ultimately drained 100 bitcoin from his account – the maximum daily withdrawal allowed. In fact, he had a series of coins that the hackers dumped at below-market prices, converted into a further 30 bitcoin and made off with.


They even returned the following day for his 35 remaining bitcoin, but by that time, Bennett said he had succeeded in getting Bittrex to shut down the account and the unauthorized withdrawals.


Bennett’s suit alleges Bittrex failed to follow industry security standards in his case.


Beyond the different IP address and operating system, his lawyers asserted that Bittrex should have also imposed a 24-hour withdrawal hold after password changes, which he said other exchanges do.


“What I fault Bittrex for is their inability to see obvious suspicious activity,” Bennett said.

