14 DAY TRIAL // Manhattan resident 21-year old Nicholas Truglia was able to steal millions worth of cryptocurrency from multiple Silicon Valley execs he targeted with the help of SIM swapping attacks, also known as "port-out" scams.
One of his victims, Robert Ross, said that he was able to see his phone losing the network signal and had $1 million in cryptocurrency drained from accounts he had opened on two separate crypto exchanges, at Gemini and Coinbase.
The prosecutors investigating Truglia's crimes have already filed a felony complaint with the California state court saying that the 21-year old man was able to set up and run a "port-out" scam targeting multiple Silicon Valley executives.
According to the New York Post, Truglia earmarked high-profile execs such as "Saswata Basu, CEO of the block-chain storage service 0Chain; hedge-funder Myles Danielsen, vice president of Hall Capital Partners, and Gabrielle Katsnelson, the co-founder of the startup SMBX."
A "port-out" scam which is also known as a SIM swapping attack primarily involves social engineering skills needed to convince a mobile carrier to transfer someone's phone to a device controlled by the attacker.
Upon getting control of the victim's number, the hacker will be able to reset passwords of accounts that have SMS-based two-factor authentication enabled, to read all text messages sent to the stolen number, and receive all phone calls the legitimate owner would.
Truglia faces 21 felony counts pending extradition to Santa Clara
“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” deputy district attorney Erin West of Santa Clara Superior Court said in a statement sent to the New York Post.
West, which is also part of the Santa Clara REACT task force designed to investigate and solve SIM-swapping cases all across the U.S. also said that "port-out" scams are "a new way of doing an old crime. It’s a pervasive problem, and it involves millions of dollars.”
The REACT task force arrested Truglia on November 14 after carrying a warrant-based search of his 42nd Street high-rise in Manhattan and recovering $300,000 worth fo funds from a computer found in the apartment.
After his arrest, Truglia was moved to the Manhattan Detention Complex waiting for the extradition he agreed upon to Santa Clara, California, where he will face 21 felony counts ranging from identity theft and fraud to embezzlement and grand theft, all of them related to the six targets he managed to hack during his October hacking spree.
To protect themselves from potential SIM swapping attacks, potential targets have a simple and very straightforward tool at their disposal: adding a security PIN to their account which will be required for future SIM changes or number porting to another carrier.