San Francisco resident Robert Ross first realised something odd was going on when his iPhone lost its signal on 26th October. But his cellphone signal wasn't all that Ross had lost. Within minutes he had also lost his entire $1 million life savings, including the money he had stashed away for his two daughters' college education. According to media reports, prosecutors believe 21-year-old Manhattan resident Nicholas Truglia targeted the cellphones of Ross and a number of others in "SIM-swapping" attacks. SIM swap attacks (also sometimes called Port Out scams) are where fraudsters manage to trick the customers service staff of cellphone operators into giving them control of someone else’s phone number. This is sometimes done by a fraudster reciting personal information about their target to the cellphone company to convince them of their identity. When an online account subsequently sends its authentication token to the user’s phone number via SMS it ends up in the hands of the criminal. A Santa Clara County court has heard claims that Truglia used a SIM swap attack to commandeer control of Ross's phone, and then gain unauthorised access to accounts. It is claimed that Truglia was able, from the comfort of his swanky high-rise apartment in the heart of Manhattan, to withdraw $500,000 in each of two digital banks, Gemini and Coinbase, convert it into cryptocurrency, and move it into his personal account. Court records claim that Truglia's other targets included 0Chain CEO Saswatu Basu; Gabrielle Katsnelson, the co-founder and COO of SMBX (Small & Medium Business Exchange), and hedge funder Myles Danielsen. Detectives arrested Truglia at his condo on 42nd Street on 14th November, and during a search allegedly found a hardware wallet containing $300,000 worth of cryptocurrency. Bizarrely, this is not the first time that Truglia has made the headlines in regards to unauthorised access to a cryptocurrency account. Earlier this month, before his arrest, Truglia was named in media reports as claiming to have been tortured at his apartment by four of his friends in an attempt to gain access to his cryptocurrency accounts. Truglia claimed that he had had his head held underwater in the bathtub, had hot wax thrown at him, and had been punched in the stomach. He later told police that when he awoke he realised that this laptop, two mobile phones, and a USB drive containing his cryptocurrency account information had disappeared. Truglia, and the men who he claimed attacked him, are no strangers to flaunting their cryptocurrency wealth and extravagant lifestyles on social media. Whether you have made your fortune through honest or illegal means, it's probably not a good idea to boast about your riches publicly - or risk catching the attention of those who may want to take it away from you. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
