Joel Ortiz has been sentenced to 10 years in jail and has gone down in crypto history as the first convicted crypto thief who used sim swapping to steal Bitcoin. The 21-year old former student stole Bitcoin worth more than $7.5 million from 40 individuals from around the US. Sim swapping is a growing crime around the world, but it’s only just beginning to make its way into the crypto world.
“Not Robin Hoods”, but Criminals
Ortiz was a clever thief in that he knew exactly how to pull off the perfect sim swapping heist. He attended high-end blockchain and crypto conferences where he managed to gain access to mobile phones and swap out the sim card. He then spent the stolen funds on living a lavish lifestyle, including $10,000 in a luxurious LA night club and hiring a helicopter to take him to a music festival. Judge Edward Lee of Santa Clara County sentenced Ortiz to 10 years in jail and prosecuting attorney Erin West said:
“These are not Robin Hoods. These are crooks who use a computer instead of a gun. They are not just stealing some ethereal, experimental currency. They are stealing college funds, home mortgages, people’s financial lives.”
How Does Sim Swapping Work?
Sim swapping is incredibly easy for someone with the right skillset and it can be financially devastating for those who are targeted. A thief will attempt to acquire a mobile device, pop out the sim card and replace it with a dud. The thief then restores all apps on the new device he places the sim in using SMS verification codes. From here, the thief can access email accounts and reset passwords to crypto exchanges and wallets to gain control of them. Then it’s a simple process of transferring the funds from target to thief.
Alternatively, if a thief knows their victim well enough, they can call up the victim’s carrier and claim their mobile device was lost or stolen and that they need a new sim. The sim can then be collected from a carrier outlet and the attack continues in the same manner.
Use 2-Factor Authentication
There are ways to defend against sim swapping, and they are very easy to implement. Adding 2-factor authentication (2FA) on your account using an app such as Authy will go a long way in helping protect your crypto from sim swappers. However, if the swapper gains access to your 2FA app, then you could be in big trouble – so consider using a separate email address to sign up for these 2FA services that isn’t linked to your mobile number. Interestingly, this is the one case where biometric security on your accounts might be able to help you.
Network carriers need to step up their security to help prevent swim swapping from being so simple to carry out, and hopefully the high-profile case of Joel Ortiz will be the catalyst that the industry needs.