Blockchain Capital’s Co-founder and Managing Partner, Bart Stephens, has initiated legal proceedings against an unidentified hacker who allegedly absconded with a staggering $6.3 million worth of cryptocurrencies from his digital wallets, according to a recent Forbes report.
Stephens contends that an individual, known only as Jane Doe, exploited a SIM-swap vulnerability, artfully sourcing personal information from the dark web to sidestep security protocols within the cellular network provider’s system.
This breach granted the hacker the power to reset account passwords, ultimately securing control over the victim’s digital assets.
The lawsuit, which was filed in the United States District Court for the Northern District of California on August 16, asserts that the hacker executed the attack back in May by commandeering Stephens’ cellular network account and subsequently transferring his private cell number to a new device.
In an unrelated security breach earlier this month, the fund’s Twitter account was compromised and used to promote a cryptocurrency token.
Intriguingly, SIM-swap attacks have become increasingly popular among cybercriminals. This trend has been underscored by data from the FBI, which estimates that SIM-swap attacks resulted in losses amounting to a staggering $72 million in 2022, up from $68 million in the previous year.
SIM-swap attacks hinge on manipulating customer service representatives of cell phone networks into revealing sensitive personal information. With this data in hand, hackers can manipulate security protocols to transfer a victim’s phone number to a device under their control.
Bart Stephens, who co-founded Blockchain Capital in 2013 alongside his brother Brad Stephens, has been a prominent figure in the cryptocurrency world. The San Francisco-based fund has provided support to several notable crypto startups, including Coinbase, Kraken, and Opensea.
The lawsuit claims that the hacker exploited the compromised cell phone number to override password protection and two-factor authentication processes on various unspecified digital wallets. Following this, the attacker systematically looted the plaintiff’s digital holdings.
Stephens even alleges that the hacker communicated with him a day before making off with the $6.3 million, brazenly boasting about their ability to remotely manipulate U.S. phone numbers.
In a further audacious move, the hacker attempted to abscond with an additional $14 million in bitcoin and ethereum held in a custodial cold wallet owned by Stephens. Fortunately, a vigilant employee of Blockchain Capital detected the suspicious activity and thwarted the unauthorized withdrawal. Remarkably, this incident marked the first time Stephens became aware of the attack on his account.