SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison

Florida local Nicholas Truglia was sentenced to 18 months in prison for his involvement in a high-profile crypto theft of investor Michael Terpin.

The heist unfolded during a SIM-swapping scam in January 2018, where threat actors hijacked Terpin’s phone and used it to access to his accounts, including a cryptocurrency wallet.

After breaching the accounts, the perpetrators reached out to Truglia, adding him to a call with other scam participants, and informed him of the success of the SIM-swapping attack. During the call, Truglia agreed to receive fraudulently siphoned funds from the victim by providing an account to his co-conspirators.

“Over the next few hours, TRUGLIA made the Truglia Account available to other Scheme Participants to receive the Victim’s stolen cryptocurrency, where it was converted into Bitcoin,” the US Department of Justice said in a press release. “Scheme Participants transferred much of this Bitcoin to other accounts controlled by them and left a portion of the criminal proceeds for TRUGLIA.In total, during the SIM Swap, Scheme Participants stole over $20 million worth of the Victim’s cryptocurrency, with the defendant keeping at least approximately $673,000 worth of the stolen funds.”

Truglia was sentenced to 18 months in prison and was given 60 days to pay $20,379,007 in restitution to Terpin. He was also ordered to forfeit $983,010.72 and sentenced to three years of supervised release.

In a SIM swapping attack, threat actors use a series of techniques to hijack the victim’s phone number. After harvesting enough personal details about the target, crooks contact the phone company, asking to port the victim’s number to a new SIM card they own. Once the number is transferred, the victim loses connection to the network, allowing perpetrators to bypass 2FA on certain accounts that use SMS validation codes.