A Hamilton youth has been charged in the theft of $46 million in cryptocurrency after investigators learned some of it was put toward buying a gaming username.
Local police worked with the FBI and U.S. Secret Service to investigate millions in missing currency stolen via what’s known as a SIM swap attack, said Det.-Const. Kenneth Kirkpatrick from Hamilton Police Service’s cybercrimes unit.
The three agencies started working together in March 2020 after an American reported the loss.
On Wednesday, investigators seized $7 million in cryptocurrency.
Kirkpatrick wouldn’t say the exact age or gender of the youth, or the username that youth bought. He also didn’t say whether the youth was acting alone, saying the case is currently in Hamilton court.
But he said investigators cracked the case after the name was purchased on the gaming network.
Police said it’s the largest individual cryptocurrency theft from one person that’s ever been reported in North America.
“The amount, of course, is very surprising,” Kirkpatrick said. “That’s a large amount of money, and it’s a large amount of money in anybody’s opinion.”
What is a SIM swap attack?
A SIM swap attack is when someone manipulates cellular network employees to duplicate phone numbers, so that person can use the number to intercept two-step authorization requests.
In other words, if someone gets a code sent to their phone to recover a password, the thief can intercept that code to get access to the account, says Guy-Vincent Jourdan, a professor at the University of Ottawa’s school of engineering and computer science.
Kirkpatrick said this is especially potent given that many people use the same password for multiple sites.
Jourdan, who isn’t involved in this case, said cryptocurrency systems have a lot of weaknesses that can be exploited for fraud and theft.
Fewer safeguards for crypto
“There’s no regulation,” he said. “There’s no backup. There’s no guarantee of anything,” Jourdan said.
“If you use the normal banking system, then the banks are regulated. You can say, ‘I didn’t mean to do that transaction.’ You can contact that bank, get the money back. There is centralization. There is control over it. There’s none of that in crypto.
“There are absolutely zero safeguards to give you the possibility to say, ‘Oops.'”
Kirkpatrick said cyber and cryptocurrency crimes are increasingly common. His unit began in 2018, and educates other Hamilton police officers and the public.