Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit

Crypto exchange Bittrex is being sued over a SIM swap that netted criminals 100 bitcoin, currently worth nearly $1 million.

The case resembles other recent high-profile heists in which a hacker seizes control of a victim's cell phone to then loot online crypto accounts: the swap was from cellular carrier AT&T, money was taken from Bittrex, and the hack took control over the victim's online identity.

The hack against Seattle-based angel investor Gregg Bennett has not been resolved by criminal investigators, as others have before being made public in legal filings.

The financial legal examiner for the Washington state regulator handling consumer complaints, the Department of Financial Institutions, concluded that Bittrex did not "Take reasonable steps to respond" to Bennett's notice and "Appears" to have violated its own terms of service, in a signed letter dated Aug. 30, 2019 provided to CoinDesk by Bennett.

Bittrex declined to comment specifically about the Bennett hack and the court case.

CEO Bill Shihara, speaking to CoinDesk about other recent SIM hacks, said the exchange has robust security in place to prevent account breaches, including two-factor authentication and email verification when an unknown IP address logs into an account.

Bennett told CoinDesk that he suspects his hack was "An inside job," as he said that his account PIN and even Social Security number on the account were changed, which would imply that someone at the phone company played a role.

AT&T spokesman Jim Greer said he could only reiterate his prior responses to the SIM hacks: customers should avoid relying on their cell phones for security.

Bennett alleges in the lawsuit that the hackers ultimately drained 100 bitcoin from his account - the maximum daily withdrawal allowed.

Bennett's suit alleges Bittrex failed to follow industry security standards in his case.