Two men were arrested in the US on Monday on suspicion of committing a SIM swap attack which allowed them to steal £10.8 million in cryptocurrency from a Californian firm.
In a SIM swap attack, threat actors transfer the victim’s phone account to their own device to gain access to sensitive information accessible by the account.
Fletcher Robert Childers, 23, and Joseph Harris, 21, were arrested in Oklahoma City on suspicion of gaining unauthorised access to a cryptowallet owned by San Jose-based firm Crowd Machine to steal £10.8 million worth of the firm’s Crowd Machine Compute Tokens (CMCTs), according to Oklahoma News 4.
The breach was reported on 22 September after the victim’s mobile phone account was transferred to another device located near the hotel where the men were arrested and authorities said the phone was purchased at a nearby WalMart where surveillance video showed two white males visiting the store, one of which purchased a phone on 18 September.
The two allegedly taunted the victims after the theft was carried out and Crowd Machine said most exchanges temporarily suspended trading of the currency. Crowd Machine also recommended no one purchase tokens until after the investigation noting that stolen tokens involved in the theft wouldn’t be honoured.
* Originally published in scmagazine.com North America.