A judge has sentenced Jordan Dave Persad, 20, of Orlando, Florida, to 30 months in prison and $1 million restitution after he hacked into people’s emails, took over phone numbers, and stole $1 million worth of cryptocurrency.
Taking over a cryptocurrency account is difficult, even if the hacker has the know-how. Many people use SMS-based two-factor authentication, so hackers would need access to the phone number to bypass it. As it turns out, this is not as difficult as people might think, and it’s one reason people should never use SMS two-factor authentication if there’s a choice.
“Between March 2021 and September 2022, Persad and his co-conspirators hacked into victims’ email accounts, hijacked their cell phone numbers, and gained unauthorized access to their online cryptocurrency accounts,“ wrote the US Attorney’s Office for the District of Arizona in a press release. “As a result of this scheme, often referred to as ‘SIM swapping,’ Persad and his co-conspirators stole close to $1 million worth of cryptocurrency from dozens of victims, including approximately $30,000 from a victim in Arizona.”
“Defendant and his co-conspirators then divided these stolen funds amongst themselves, with Persad keeping around $475,000. Investigators were able to recover some of these funds when they executed search warrants at Persad’s Orlando home,” the US Attorney’s Office added.
In many cases, Sim-swapping involves tricking the phone operator of the mobile carriers into moving the number to a blank SIM card that the hackers control. Access to the email also helps to change passwords and interact with other online services that might send links to the compromised email accounts.