Bitcoin investor, Michael Terpin, won a US$75.8 million civil judgment on Friday in California against 21-year-old Nicholas Truglia who SIM-swapped Terpin’s cellular phone and stole over US$23 million from Terpin’s digital currency wallets that held coins from three ICOs.
In all, Truglia is alleged to have stolen over US$81 million in crypto currencies via SIM swaps from various people and to have used the money to live a life of luxury, renting a penthouse in Manhattan, buying a US$100,000 Rolex diamond-embedded watch and to have booked private jet trips.
Truglia is currently incarcerated in California and is charged with impersonating numerous individuals to SIM swap them. He was also sued civilly by Michael Terpin for the theft of his crypto currencies and it was alleged in that pleading that Truglia laundered millions of dollars in proceeds of crime from stolen digital currencies through Coinbase, Gemini and Binance.
A SIM swap is a type of hacking fraud where a person communicates with a cellular service provider, impersonates a cellular account holder and convinces them to change the SIM card associated with a cellular device so that the hacker can gain control of the victim’s data.
When a SIM swap occurs, the cellular phone of the victim goes black and the fraudster then controls the data, and can text, call and interact as if they were the victim.
With respect to digital currency wallets, because some service providers use 2FA on cellular phones, it allows hackers access to steal digital currencies by changing the 2FA on the cellular phone when prompted. The hackers gain access to wallets and quickly transfer the digital currencies to Trezors under their control.
Technically, the theft of digital currencies from an exchange is always from the pooled wallet of the digital currency exchange although the victim’s account is debited from the exchange to reflect the loss, or it may be from a hard wallet with no third party intermediary involved. If a thief is stealing through an exchange, it is impossible to steal from an individual account.
One of the deponents in the civil litigation that resulted in the judgment this week, who is a private jet broker, deposed that Truglia had no job during the time he knew him, and shortly after the SIM swap, had over US$72 million in crypto currencies on various wallets and a stash of US$100,000 chilling on his coffee table for spending money. Truglia alleged he earned his wealth from mining. Shortly after the heist, Truglia allegedly made plans to buy a US$250,000 McLaren sports car. Allegedly, Truglia’s Twitter account was Nick @erupts – that account holder took to Twitter to brag about stealing US$24 million, and posted images of the US$100,000 diamond watch and private jet trips.
A McLaren sports car, private jet trips, an expensive watch, fistfuls of cash and no salary to match it – sounds like a perfect SAR that never got filed.