Crypto Hacker Agrees to Pay $22M in AT&T SIM-Swap Case

A 15-year-old crypto hacker, who swindled crypto investor Michael Terpin out of millions, has agreed to pay $22 million to the victim, according to a court filing in the Southern District of New York.

The hack dates back to 2018 and involved an elaborate SIM-swap scheme that targeted mobile operator AT&T (T), which ultimately resulted in Terpin losing cryptocurrencies worth $24 million. SIM-swapping is a way of bypassing two-factor authentication (2FA) using mobile operators to break into sensitive websites like crypto exchanges and online banking.

The hacker confirmed his direct involvement in the SIM-swap and subsequent theft, according to the court filing, which has been signed by both Terpin and the hacker. A detailed account of how the AT&T SIM-swap occurred will also be provided by the 15-year-old.

Terpin's attorney, Tim Toohey, said that he hopes that with this detailed information AT&T will take responsibility for security failures that led to the breach.

In 2020, a California judge dismissed a $200 million damages claim against AT&T from Terpin. All remaining claims against the hacker, other than the New York state law claim for conversion, will be dismissed.