A kid’s mischief could be unlimited sometimes. An 18-year old boy from Montreal has stolen $50 million worth cryptocurrency from several victims through SIM card swapping. This led him to face jail, a hefty bail fine and banned from accessing electronic gadgets. The hacker kid has supposedly stolen details of people who attended a blockchain meeting to impersonate them and gain access to their financial accounts.
A Common Scam
Samy Bensaci, an 18-year old Montreal teenager interested in hacking has managed to gain over $50 million worth cryptocurrency from several victims through SIM card swapping scam. He was captured and banned from using several gadgets after that.
How They Do It?
A SIM swapping scam happens to those who are foolish enough to leave their sensitive details open online. The hacker somehow gains the details (mostly identifiable personal) of his victim and contacts his respective SIM carrier by impersonating as an original customer. Then, he tries convincing them for reissuing a new SIM card on stories of lost phone, theft etc. If the carrier is convinced, they may deactivate the original SIM card which is being used by the user and issue a new one to the hacker!
This enables him to log in to any of the victim’s online accounts like Gmail, banks, cloud accounts etc to steal sensitive information or money. As in this case, the new SIM card in hacker’s possession would get all the login OTPs instead of the original user’s. This scan should be perfectly organised to be successful, as the original customer may contact his carrier if yeh SIM stopped abruptly and inform.
In this case, one of the victims as Rob Ross told, “AT&T gave him control of my mobile service and then all text messages to my number went to the hacker’s phone. In minutes, I lost control of my mobile service, email and several other accounts. Then he logged into my financial accounts and used my $1M in US dollars to buy Bitcoin with my $1M and sent it all to himself.”
An investigation into this case revealed that most of the victims have attended a Blockchain meeting called Consensus in New York. And from where Bensaci could have gained details of attendees to target them later. The incident happened in late 2018 and Bensaci was released in December last year after paying a $200,000 bail.
Since then, he was barred from accessing gadgets with internet connectivity such as phone, PC, gaming consoles and even banned from owning/exchanging cryptocurrencies. Since them, he was ordered to live with his parents now.