Blockchain Capital Co-Founder Sues Hacker For Stealing $6.3 Million in a SIM-Swap Attack
Co-founder and managing partner at Blockchain Capital, Bart Stephens, has taken legal action against an unidentified hacker who allegedly stole $6.3 million worth of cryptocurrencies from his digital wallets, Forbes reported.
Stephens claims Jane Doe exploited a SIM-swap vulnerability, manipulating personal information sourced from the dark web to bypass security protocols with the cellular network provider.
This breach enabled the hacker to reset account passwords and ultimately gain control over the victim’s digital assets.
The lawsuit filed in the United States District Court for the Northern District of California on August 16, alleges that the hacker orchestrated the attack in May by commandeering Stephens’ cellular network account and subsequently transferring his private cell number to a new device.
Earlier this month, the fund’s Twitter account was compromised in an unrelated security breach, used to promote a cryptocurrency token.
Hackers Stole $72 Million Via SIM-Swaps in 2022
SIM-swap attacks have been increasingly employed by cybercriminals, a trend underscored by the FBI.
As per the FBI, SIM-swap attacks resulted in an estimated $72 million in losses in 2022, up from $68 million in 2021.
SIM-swap attacks rely on manipulating customer service representatives of cell phone networks into divulging sensitive personal information.
Armed with this data, hackers can manipulate security protocols to port a victim’s phone number onto a new device under their control.
Stephens, who co-founded Blockchain Capital in 2013 alongside his brother Brad Stephens, has been a prominent figure in the cryptocurrency realm.
The San Francisco-based fund has provided backing to several notable crypto startups, including Coinbase, Kraken, and Opensea.
Hacker Gained Control of Several Digital Wallets
The lawsuit alleges that the hacker exploited the compromised cell phone number to override password protection and two-factor authentication processes on various unspecified digital wallets.
Subsequently, the attacker embarked on a systematic looting of the plaintiff’s digital holdings.
Stephens claims that the hacker even communicated with him a day before absconding with the $6.3 million, boasting about their ability to remotely manipulate U.S. phone numbers.
In addition to the stolen funds, the hacker sought to get away with an additional $14 million in bitcoin and ethereum held in a custodial cold wallet owned by Stephens.
Fortunately, a vigilant employee of Blockchain Capital detected the suspicious activity and thwarted the unauthorised withdrawal. The incident marked the first time Stephens learned about the attack on his account.