A Hamilton teen hacked a Bitcoin investor and stole $48 million. The youth was released from custody but can’t use crypto for a year.
Police say it’s the biggest ever hack that victimized one person. The Federal Bureau of Investigation (FBI) and Secret Service were hunting him down. He spent some of the money on a Playstation Network username – “God” – possibly obtained via hacking. Officials say this case spotlights security issues in a world where digital assets are gaining prominence.
How’d he pull it off?
Police say it was a “SIM swap” attack. Hackers can pretend to be their victims and ask telecom companies to port their number into a SIM the hacker controls. Then, the hacker gets access to the victim’s other accounts via two-factor authentication, which is often done by text message.
The Hamilton teen snatched the Bitcoin investor’s phone number by tricking T-Mobile. Then, he logged into the investor’s email account and saw he had a cryptocurrency wallet on Blockchain.com.
The teen had been SIM swapping since 2016. It’s worth noting he had chatted freely with many high-profile hackers, according to The Globe and Mail’s anonymous source.
How was he caught?
Cops kicked in his door.
The ensuing arrest was “highly dynamic” and “aggressive,” the teen’s defence lawyer told the court, “The memory of that night is burned into the teen’s mind and has been the cause of some post-event stress.”
Hamilton police were asked to explain the brutish response to a non-violent crime, but no response has been given yet.
What’s next for the gifted hacker? There’s a silver lining.
The young man, 17 at the time of the crime, struck a deal with prosecutors. After a year in custody, he pleaded guilty to just one count of theft over $5,000. The Hamilton court suggested no jail time – he was sentenced to one year of probation during which he can’t handle digital assets, such as transacting in cryptocurrency. The young adult cannot be named due to Canada’s Youth Criminal Justice Act.
Now, he’s looking forward to a job in cybersecurity after finishing high school. Reportedly, he was raised by his mother because his parents split up due to financial issues. He had dropped out of school due to struggles with mental health issues including anxiety, according to his defence lawyer, Luka Rados.
“Someone having been involved in a massive cryptocurrency hack now becoming a security expert is a fitting way for this case to come full circle,” the lawyer said.
The teen’s legal trouble ended up with one upside.
“After [the teen] was charged and found himself stuck in custody, [his] dad took it upon himself to move back to Ontario, bail out his son and be there as a father,” Rados said.
It looks like the victim is out of luck.
The victim, Josh Jones, an entrepreneur and investor from California, got 94 bitcoins (around $2.5 million) returned, plus a direct apology from the hacker.
“I intend to move forward only in a positive direction,” the perpetrator said. The rest of the $48 million has yet to be recovered.