Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin (@michaelterpin), a renowned personality in the cryptocurrency space, $23.8M.
The theft happened on January 2018, where Truglia and his co-conspirators targeted Terpin with a SIM swap attack. They hijacked Terpin's phone number and transferred cryptocurrency worth millions from Terpin's crypto wallet to an account Truglia controls.
According to El Reg, Terpin's cryptocurrency of choice was TRIG, which was worth $7 then. According to the indictment, Truglia volunteered to "convert the stolen cryptocurrency into Bitcoin, another form of cryptocurrency, and then transfer the Bitcoin to other scheme participants, while keeping a portion as payment for his services." That was at least $673,000 of stolen funds.
A US district judge ordered Truglia to pay $20,379,007 for restitution within 60 days. According to Bleeping Computer, Truglia must follow the restitution orders accordingly regarding how much to pay and when: $12,100,000 on or before December 31, 2022; and $8,279,007 on or before January 30, 2021.
US Attorney Damian Williams said: "Nicholas Truglia and his associates stole a staggering amount of cryptocurrency from the victim through a complex SIM swap scheme. Nevertheless, today's sentencing goes to show that no matter how sophisticated the crime is, this Office will continue to successfully prosecute those who choose to defraud others."
Truglia isn't the only person named in the SIM swap attack against Terpin.
In October, Terpin won a case against Ellis Pinsky (20, but 15 at the time of the heist), the alleged mastermind of the attack, obligating the defendant to award a "monetary relief" of $22M to the plaintiff. Pinsky, whom the media dubbed "Baby Al Capone", was a high school student in New York. He admitted to stealing from Terpin and returned $2M worth of cryptocurrency a year after the heist.
The FTC (Federal Trade Commission) has provided users with an in-depth and thorough list of how to protect themselves from SIM swap attacks. This includes limiting the personal information you share online and considering using a more robust form of 2FA (two-factor authentication), such as using one-SIM passcodes instead of text message verification. All major US phone carriers also urge their clients to assign a PIN code to their accounts to prevent social engineering tactics geared towards customer support employees.
We don't just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.