‘Tell your dad to give us bitcoin’: College student steals $5mn in crypto by hijacking phones

31 Jul, 2018 12:46 / Updated 6 years ago

A college student has been arrested for allegedly stealing over $5 million in bitcoin by hijacking phone numbers. The 20-year-old even used the zombie numbers to send strange messages to his victim’s family.

Joel Ortiz from Boston, Massachusetts, along with a group of unnamed associates, hacked the phone numbers of more than 40 cryptocurrency investors and people involved in blockchain, according to court documents obtained by Motherboard.

Ortiz reportedly used a relatively easy SIM-swapping technique to target his victims. The attack consists of manipulating the weak security system of a phone carrier (like AT&T or Verizon) to swap the target’s phone number to a SIM controlled by the criminal.

Ortiz then used the phone numbers to bypass two-factor authentication systems, reset the victims’ passwords and hack into their online accounts. The victims were reportedly targeted during the high-profile Consensus conference in New York City in May, where more than $1.5 million was stolen from a single crypto entrepreneur.

Also included in court documents was one of Ortiz’s previous attacks in February and March 2018. Ortiz reportedly targeted one investor by hijacking his number twice, resetting his passwords and inputting his own two-factor security system to lock the user out. Ortiz took the hack one step further by messaging the victim’s wife and daughter from the hacked phone number, writing “TELL YOUR DAD TO GIVE US BITCOIN” over iMessage.

Ortiz was eventually tracked down by police after they issued a warrant to AT&T to get a call record for the days in which the phone number was hacked. The records revealed the hacker’s identity by showing the IMEI number of the Samsung phone Ortiz used.

A follow-up data warrant issued to Google then disclosed email addresses associated with the phone and a trove of evidence of Ortiz’s criminal activities. So far police have seized about $250,000 in stolen cryptocurrency from Ortiz. It’s unclear where the remaining funds have been stashed.

California authorities arrested Ortiz at Los Angeles International Airport on his way to Europe on July 12, one day after 28 charges were filed against him, including 13 counts of identity theft, 13 counts of hacking and two counts of grand theft. His bail is set at $1 million and he remains in prison until his plea hearing, set for August 9.
