Joshua Jones, the crypto sim swap victim who lost around $45 million worth of BTC and BCH in a sim swap last week, also lost millions of dollars in the Mt. Gox hack of 2014, it has been discovered. Jones, whose since-deleted Reddit post on Saturday regarding what amounts to the biggest ever individual loss went around the crypto world quicker than an Australian bush fire, can count himself either unlucky or careless after his second huge loss in six years, which once again illustrates the folly of leaving large amounts of crypto on insecure devices.
BCH address :qzumak2rvxksjgkjuxe2fe5jxatktlsnhy5sthr5p7
THIS IS REALLY BRUTAL pic.twitter.com/19XM3w5BL7
— Dovey 以德服人 Wan ?? (@DoveyWan) February 22, 2020
Desperate Jones Asked for Miner Help
Jones took to Reddit in the early hours of Saturday morning to reveal how a suspected sim swap attack had robbed him of 60,000 BCH and ₿1,500, asking in the post if any miners or anyone in the community could “help somehow”, with a “big reward” promised.
Jones has come in for criticism for this suggestion, which amounts to an attempt to bribe miners into breaking blockchain law and reversing the transaction, but it was just the act of a desperate man looking for any way to stop the transfer before it was confirmed.
Jones’ Mt. Gox History Discovered
Jones’ true identity was discovered fairly quickly after his username, zhoujianfu, was linked to his Twitter account. It turned out that Jones was not some naïve innocent who didn’t know any better than to store his coins on a device that was susceptible to a sim swap attack – he is a Mt. Gox veteran with a staggering ₿43,768 claim, worth $433 million today.
The fact that someone could lose millions of dollars’ worth of assets in the most famous crypto hack of all time and still not learn a lesson or two about security is staggering. Add to that the fact that Jones has a wealth of internet experience, including setting up his own crypto exchange to help victims right after the Mt. Gox collapse, and the whole thing becomes even more staggering. As the saying goes: fool me once, shame on you – fool me twice, shame on me.
The Golden Rules of Crypto Security
Because Jones deleted his post before he was able to confirm exactly how the hack took place we don’t know the specifics, but the fact that he claims it was via a sim swap suggests that the wallets were, incredibly, on a regularly used phone or tablet.
This sorry tale is another reminder of the golden rules of crypto storage:
- Not your keys, not your funds
- Only leave on an exchange what you plan to trade
- Leave non-traded funds on a reputable crypto hardware wallet or similar (e.g. a device that is not connected to the internet and does not have a sim card assigned to it)
- Ensure you have two-factor authentication (2FA) on all exchanges and wallets that offer it, and seriously consider your use of those that don’t
No doubt Jones is ruing his lack of proper security, which will see his story go down in the annals of crypto loss history. Make sure your name isn’t next on the list.