Two Massachusetts men have been arrested in connection with the theft of over half a million dollars worth of cryptocurrency via hacking, SIM swapping, and manipulation of social media accounts. Eric Meiggs, 21, and Declan Harrington, 20, were arrested by FBI agents this week and charged in an 11-count indictment, including wire fraud, computer fraud, and aggravated identity theft. The pair targeted companies and high profile crypto individuals who they suspected of holding large amounts of cryptocurrency.
“Extensive Scheme” Carried Out
Meiggs and Harrington conducted what the United States Department of Justice called an “extensive scheme” to illegally obtain cryptocurrency, conspiring to hack into, and then take control over, their victims’ online accounts, allowing them to obtain cryptocurrency and other potentially valuable data, which they allegedly utilized themselves or sold on the dark web. They utilized SIM-swapping and other techniques to carry out their scheme, targeting at least 10 identified victims around the country, many of them being long-time cryptocurrency investors and enthusiasts, or ‘OG’s, with high-profile social media accounts. Meiggs allegedly took control over two such victims’ accounts before the arrest. According to the indictment, the pair allegedly stole, or attempted to steal, over $550,000 worth of cryptocurrency from these victims alone, as well as attempting to extort the victims’ friends and families in return for the account being returned to the owner.
Complete Security is an Illusion
The details of the indictment make for disturbing reading. The ease with which Meiggs and Harrington were able to port the victims’ phone number to their own is something that should alarm everyone with a cell phone: using just the victim’s email address, they were able to get the victim’s cell phone number ported to Harrington’s phone, from where they were able to control his Google account and Facebook account, searching his email and private messages for cryptocurrency seed phrases or wallet details. They didn’t manage to obtain any via this method, but it just shows how easily a hacker is able to access such personal details. Clearly the victim did the right thing by not having any sensitive information publicly available, but it also shows that, even with two-factor authentication enabled, there is no such thing as an entirely safe cryptocurrency existence. Both AT&T and T-Mobile have been hit with SIM swapping attacks in recent months, with AT&T facing a multi-million dollar lawsuit in the matter.