Crypto Exec’s $1.8M SIM-Swap Lawsuit Has ‘Critical Holes,’ Says AT&T
AT&T has again argued against allegations it was in part responsible for a SIM-swap hack that cost crypto exec Seth Shapiro $1.8 million.
AT&T says a lawsuit over a $1.8 million crypto hack fails to show how the U.S. telecom giant was responsible.
The case, brought by VideoCoin's head of strategy, Seth Shapiro, in October, alleges that, in 2018, AT&T employees were responsible for transferring control of his phone number to hackers, who used it as part of a SIM-swap scam that drained his exchange accounts of more than $1.8 million worth of cryptocurrencies.
In a Jan. 22 filing in support of its December motion to dismiss the case, AT&T says Shapiro's allegation has a "fundamental problem" because it "jumps" from hackers gaining his phone number to the withdrawal of millions of dollars worth of cryptocurrency.
With the hackers allegedly having paid off AT&T employees – who've since been fired and are being prosecuted in criminal court – to gain control of his phone, Shapiro's lawyer, Andrew Calderon, has accused the company of "systemic negligence." He previously told CoinDesk: "AT&T has a rich and troubling heritage of taking less than adequate measures to protect its customers’ data from unauthorized access.”
But according to AT&T's December dismissal motion, Shapiro's allegation relies on "bare thin conclusion." Hackers needed more than a phone number to access exchange accounts, the dismissal filing reads, and the plaintiff has not said how hackers knew about his accounts and how they knew he was an AT&T customer. The motion also says Shapiro has not conclusively shown how the fault for the hack lies at AT&T's door.
Wednesday's filing further claims: "Mr. Shapiro’s request that this Court assume that the SIM swap must have led logically and foreseeably to the theft is unfounded." The filing also refutes the plaintiff's claim of "intentional misconduct" for disclosing information, like a Social Security number and exchange passwords, that AT&T says it would never have ever had in its possession.
The firm's lawyers also highlight that Shapiro has not said whether his phone was used for any two-factor authentication mechanisms on his exchange accounts.
"Mr. Shapiro blames AT&T for the theft, but he is wrong, and his complaint states no viable claim against AT&T under any theory," December's filing reads. The complaint "overreaches at every turn to blame AT&T for conduct that it did not control" and the lawyers suggest "Mr. Shapiro's own negligence" could be to blame for the hack.
AT&T further states in the latest filing that, in his opposition to the motion to dismiss, Shapiro "ignores critical holes in his allegations" and is requiring the court to make "wild guesses."
Shapiro's opposition to the motion to dismiss, filed in early January, states: "Unable to deny its involvement in these criminal acts, AT&T marshals a host of red herring, whataboutism inquiries to make it appear as though the theft of Mr. Shapiro’s funds was utterly unforeseeable and unrelated to the SIM swap."
In the case of Shapiro, the court will hear AT&T's motion for dismissal in the Central District of California, Western Division, Los Angeles on Feb. 18.
The leader of the hacking group responsible for Shapiro's loss, 21-year-old Joel Oritz, was sentenced to 10 years in federal prison after pleading no contest to charges of orchestrating 13 SIM swaps in April 2019.
STORY CONTINUES BELOW
See the full document below: