Single crypto heist that netted $20m – and cost perp 18 months behind bars

They say don’t put all your eggs in one basket – and the victim of a single $20 million crypto-heist might want to bear that in mind in the future. In the meantime, one of the perpetrators has been sentenced to 18 months in prison and told to repay the stolen money, the Department of Justice (DoJ) announced.

Nicholas Truglia, 25, a Florida resident, worked with accomplices who gained access to the unnamed victim’s cryptocurrency wallet simply by hijacking a mobile phone SIM card and rerouting sensitive data to a handset they controlled.

This enabled the cyber gang to access the victim’s digital wallet, which contained a staggering $20 million in an undisclosed denomination of digital currency. Truglia’s role in the scam was to receive the initial fraudulent transfer for the entire amount before passing it on to his accomplices. The stolen haul was then converted to Bitcoin by Truglia’s criminal associates, who left him a cut of $673,000 for his trouble.

That will come as cold comfort to Truglia, who is now liable to pay back all stolen funds plus a fine of just under $1 million within a 60-day deadline, which he will be spending behind bars.

The DoJ added that Truglia and his accomplices conducted the “cyber intrusion” of the victim’s online accounts in January 2018, gaining illicit access using a technique known as “SIM swapping.”

“During a SIM swap attack, cyber threat actors gain control of a victim’s mobile phone number by linking that number to a subscriber identity module (SIM) card controlled by the threat actors, resulting in the victim’s calls and messages being routed to a device controlled by the threat actors,” it added.

“The threat actors then use control of the victim’s mobile phone number to obtain unauthorized access to accounts held by the victim that are registered to the mobile phone number.”

Damian Williams, US Attorney of the federal court of the Southern District of New York that handed down the sentence, pointed out that technical know-how would not prevent criminals from getting caught.

He said: “Nicholas Truglia and his associates stole a staggering amount of cryptocurrency from the victim through a complex SIM swap scheme. Nevertheless, today’s sentencing goes to show that no matter how sophisticated the crime is, this office will continue to successfully prosecute those who choose to defraud others.”

Truglia was brought to justice by the Federal Bureau of Investigation (FBI) and the DoJ’s Complex Frauds and Cybercrime Unit.