An eighteen-year-old from Montreal is facing four criminal charges connected to a $50 million SIM-swapping scam targeting cryptocurrency holders, Infosecurity Magazine reported on Jan. 17.
The hacker, Samy Bensaci, is accused by Canadian authorities of being part of a ring that stole millions of dollars in cryptocurrency from American and Canadian holders. The theft is said to have occurred in spring of 2018, with Québec police representative Hugo Fournier saying that the hackers were responsible for the theft of "$50 million from our neighbors to the south and $300,000 in Canada."
Among the purported victims were Don and Alex Tapscott, renowned Canadian crypto entrepreneurs and co-authors of the book “Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World.”
Don Tapscott confirmed to The Star to have been targeted by the scheme, while denying that the hackers succeeded in stealing his funds:
“We can confirm that last year a hacker attempted steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”
Bersaci was arrested in Victoria, British Columbia in November 2019. The following month, he was released on a 200,000 Canadian dollar bail ($153,000) and prohibited from accessing any online-capable device, including gaming consoles, as well as owning or exchanging any form of cryptocurrency.
Infosecurity Magazine reports that many of the individuals supposedly targeted by the hackers had attended the Consensus conference in New York. Rob Ross, SIM-swapping victim and manager of StopSIMCrime.org, told Infosecurity Magazine that hackers spot targets during these events.
What is SIM-swapping?
A SIM-swapping attack occurs when the hackers are able to trick the telecom company to transfer the victim’s phone number to the attacker’s SIM card. Though it is possible to do this by impersonating the victim with the telecom’s customer service, the companies are plagued by insiders that use their access to facilitate this type of crime. With a SIM-swap, attackers can bypass most authentication and password recovery mechanisms that rely on phone numbers.
Cointelegraph previously reported many such cases, including an August 2018 victim who sued AT&T for its alleged negligence in preventing the thefts.