- A well-known cryptocurrency exchange, Bittrex, is currently being sued over a SIM swap, which allowed criminals to steal 100 BTC.
- The heist is worth nearly $1 million, and it was performed by a hacker taking over control of the victim's cell phone.
- The victim, Gregg Bennett, is suing Bittrex for violation of its own security protocols, claiming that the exchange failed to stop the heist because it ignored the industry's standards.
Hacking attacks against cryptocurrency exchanges have grown to become regular news in the crypto industry, particularly in the last few years. Since the crypto prices surged in 2017, hacks have become quite frequent, even when it comes to major players among the exchanges.
The most recent example hit the exchange known as Bittrex, and it was performed through a so-called SIM swap. This type of hacking attack happens when a hacker takes control over someone’s phone and briefly steals their identity.
The hacker then uses the phone to access the victim’s online crypto account and steal their funds. According to Seattle-based investor, Gregg Bennett, this is what happened to him, and he blames Bittrex for allowing it. According to Bennett, Bittrex had the opportunity to stop the heist but has failed to do so because it ignored industry standards, and has violated its own security protocols and practices.
The attack happened on April 15th of this year, and Bittrex either did not notice that something was amiss, or it did not react, according to Bennett. In fact, he notified the exchange of the hack himself, claiming that 100 BTC was stolen from him. Even so, the financial legal examiner for Washington state’s regulator claims that Bittrex did not react quickly enough and that it did not take reasonable steps to respond to Bennett’s report.
While the exchange did not comment on the case directly, its CEO, Bill Shihara, spoke recently on SIM hacks, recommending that users enable Double Authentication and that they should not rely on their phone for security.
Meanwhile, Bennett believes that the hack could have been an inside job and that someone from the carrier, AT&T, may have been involved. Even so, his suit does not mention AT&T at all. Instead, he focuses on Bittrex, claiming that the exchange should have noticed something sooner, especially since the hacker returned one day later to try to steal 35 more BTC from Bennett’s account.