Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraudulent scheme that led to the theft of millions of dollars from cryptocurrency investor Michael Terpin.
The funds were stolen following a January 2018 SIM swapping attack that allowed Truglia co-conspirators to hijack Terpin’s phone number and fraudulently transfer around $23.8 million in crypto -currency from his crypto wallet to an online account under the control of Truglia.
According to chargethe defendant “agreed to convert the stolen cryptocurrency into Bitcoin, another form of cryptocurrency, and then transfer the Bitcoin to other program participants, while retaining a portion as payment for his services.”
In total, Truglia kept at least about $673,000 of the stolen funds to help other fraudsters collect and distribute the illegally obtained funds among themselves.
The 25-year-old was ordered to pay a total of $20,379,007 to Terpin over the next 60 days, until January 30, 2023.
The restitution order says $12.1 million must be paid by December 31 and $8,279 million must be paid by January 30.
“Nicholas Truglia and his associates stole a staggering amount of cryptocurrency from the victim via an elaborate SIM card swapping scheme,” said U.S. Attorney Damian Williams. said.
“Nevertheless, today’s sentencing shows that no matter how complex the crime, this Bureau will continue to successfully prosecute those who choose to defraud others.”
In addition to the prison sentence, Truglia was sentenced to three years of probation and was ordered to lose $983,010.72.
Ellis Pinsky, the alleged 15-year-old leader of the SIM card swapping gang (at the time), reached an agreement with Terpin in November and was ordered to pay $22 million to the investor.
Increased number of SIM card swapping attacks
SIM card exchange (aka SIM card hijacking, SIM card hijacking, or SIM card splitting) allows criminals to take control of a target’s phone number with the help of bribed employees or by convincing their mobile carriers to swap the number on a SIM card controlled by an attacker using social engineering.
In early February, the FBI warned that criminals had stepped up SIM swapping attacks to steal millions from unsuspecting victims by hijacking their phone numbers.
The warning followed an announcement from the FCC that it has begun work on new legislation that would curb SIM card swapping attacks.
FCC’s decision is the result of a growing wave of consumer complaints about significant distress and financial harm resulting from SIM card hijacking and transfer fraud attacks.
“From January 2018 to December 2020, the FBI’s Internet Crime Complaint Center (IC3) received 320 complaints related to SIM card swapping incidents with adjusted losses of approximately $12 million,” said said the FBI,
“In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of over $68 million.”
The FTC provides tips on SIM swap protection. The three major US mobile operators also advise customers to set up a PIN code on their accounts (Verizon, T-Mobile, AT&T) to block social engineering attacks targeting customer service.