Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin.
The funds were stolen following a January 2018 SIM swap attack that allowed Truglia’s co-conspirators to hijack Terpin’s phone number and fraudulently transfer roughly $23.8 million in cryptocurrency from his crypto wallet to an online account under Truglia’s control.
According to the indictment, the defendant “agreed to convert the stolen cryptocurrency into Bitcoin, another form of cryptocurrency, and then transfer the Bitcoin to other Scheme Participants, while keeping a portion as payment for his services.”
In all, Truglia kept at least approximately $673,000 of the stolen funds to assist the other fraudsters in collecting and dividing the illegally obtained funds among them.
The 25-year-old was ordered to pay a total of $20,379,007 to Terpin within the next 60 days, until January 30, 2023.
The restitution order says $12.1 million is due to be paid before December 31, and $8,279 million is payable on or before January 30.
“Nicholas Truglia and his associates stole a staggering amount of cryptocurrency from the victim through a complex SIM swap scheme,” U.S. Attorney Damian Williams said.
“Nevertheless, today’s sentencing goes to show that no matter how sophisticated the crime is, this Office will continue to successfully prosecute those who choose to defraud others.”
In addition to the prison term, Truglia was sentenced to three years of supervised release and was ordered to forfeit $983,010.72.
Ellis Pinsky, the SIM swap gang’s suspected 15-year-old leader (at the time), reached a deal with Terpin in November and was ordered to pay the investor $22 million.
Increasing number of SIM swapping attacks
SIM swapping (aka SIM hijacking, SIM jacking, or SIM splitting) enables criminals to take control of a target’s phone number with the help of bribed employees or by convincing their mobile carriers to swap the number to an attacker-controlled SIM card using social engineering.
In early February, the FBI warned that criminals had escalated SIM swap attacks to steal millions from unsuspecting victims by hijacking their phone numbers.
The warning followed an FCC announcement that it started working on new legislation that would pull the brake on SIM-swapping attacks.
FCC’s move is the result of an increasing wave of consumer complaints regarding significant distress and financial harm from SIM hijacking attacks and port-out fraud.
“From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million,” the FBI said,
“In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”
The FTC provides guidance on protecting against SIM-swapping. The three major U.S. mobile carriers also advise customers to set up a PIN code on their accounts (Verizon, T-Mobile, AT&T) to block social engineering attacks targeting customer service.
