PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Investor Sues AT&T for $224 Million Over Cryptocurrency Hack

A tech entrepreneur is demanding AT&T pay damages for its role in failing to prevent hackers from stealing his mobile phone number, which was used to break into his cryptocurrency accounts.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

AT&T's failure to stop hackers from stealing the mobile phone number of a cryptocurrency investor in a "SIM swapping" scam has sparked a $224 million lawsuit against the company.

On Wednesday, the investor and tech entrepreneur Michael Terpin announced he was suing AT&T for its role in a hack that involved thieves stealing $24 million from his cryptocurrency accounts. "Somebody needed to sue AT&T for fraud and gross negligence in letting criminals SIM swap," Terpin said on Twitter.

The incident occurred this January when an AT&T employee in a Norwich, Conn. store transferred his number to an imposter. This allowed thieves to intercept Terpin's personal information, which was used to break into his cryptocurrency accounts.

According to Terpin, AT&T should've prevented the hack. Access to his account was supposedly protected by an additional security measure: the need for a special six-digit passcode that only he knew. In addition, the carrier had elevated his account to a special "high risk" security level after hackers stole his AT&T number in another SIM swapping incident in June 2017.

However, Terpin's lawsuit claims that AT&T's security apparatus contains one big hole: company employees who ignore the rules. According to his lawsuit, AT&T admitted to Terpin that the company employee in Connecticut had given up his number to the imposter without the need for the special passcode or even a scannable ID.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

"The employees at the AT&T store who unlawfully handed over Mr. Terpin's telephone number to thieves were either blind or complicit," the lawsuit claims. It goes on to accuse AT&T of being fully aware that some employees are perpetrating the SIM swapping scams, but doing nothing to stop them.

The lawsuit is demanding AT&T pay Terpin the $24 million lost in the hack and another $200 million in punitive damages. In response to the lawsuit, AT&T told PCMag: "We dispute these allegations and look forward to presenting our case in court."

It isn't the first time a carrier has been sued over SIM swapping. In February, a Washington man filed a lawsuit against T-Mobile in a similar incident involving hackers porting over his number to steal his cryptocurrency funds.

SIM swapping usually occurs when hackers try to break into your online accounts. By taking over the mobile phone number, a cybercriminal can in some cases reset the passwords to get in. They can also intercept any special codes you receive when logging into accounts protected by SMS-based two-factor authentication.

To protect yourself, you should consider removing your phone number from important accounts. You can also substitute SMS-based two-factor authentication with alternatives like using an Authenticator app, which will generate the special codes without the need for your mobile phone carrier. Cryptocurrency exchanges such as Coinbase support Authenticator apps.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio