A 21-year-old Manhattan resident, Nicholas Truglia, is accused of carrying out a SIM swap attack—emptying cryptocurrency investor Michael Terpin’s account—through SIM card exchanges, causing more than $23 million in losses, and he is also facing 21 counts of felony charges. The most widely circulated detail of the case is not the massive amount that was stolen, but a tweet the suspect himself posted: “Stole $24 million, yet still can’t seem to make friends.”
How SIM Swap Attacks Empty Crypto Accounts in Just a Few Hours
A SIM swap attack is a highly targeted social engineering technique. The attacker tricks or bribes customer service representatives at telecommunications companies to transfer the victim’s mobile phone number to a SIM card controlled by the attacker. Once the attacker gains control of the phone number, they can use the “forgot password” feature to bypass two-factor authentication (2FA) through SMS verification codes, and then access email accounts, exchange accounts, and crypto wallets.
Michael Terpin said that on January 7, 2018, he was the victim of a SIM swap attack, and more than $23 million in crypto assets in his account were transferred out in a very short period of time. Afterward, he filed a civil lawsuit against Truglia, stating: “I filed this lawsuit as part of my ongoing efforts to pursue the losses from the theft.”
The Suspect’s Self-Inflation: A Complete Profile Revealed by a Sworn Statement
A sworn statement submitted by Truglia’s former partner, Chris David, details the suspect’s lifestyle habits and mental state while he was stealing, providing a wealth of firsthand information for the entire case.
Key Details Recorded in Chris David’s Sworn Statement
A Luxurious Material Life: Rolex watches, a $6,000-per-month apartment, $100k in cash kept in a closet
Calling Himself a Robin Hood: claiming he “takes from the rich, but doesn’t give to the poor”
Publicly Praising SIM Swap Behavior: boasting about having carried out a SIM swap attack on his father through a Twitter account, @erupts
Claiming He Will Never Get Caught: “How can they prove my story is wrong? No one can put me in prison. I’m willing to bet my life on it.”
Other Behavior Recorded: David’s sworn statement also mentions that Truglia has a habit of dodging restaurant bills
Among all the details, the one with the most lasting impact is that tweet—“Stole $24 million, yet still can’t seem to make friends.” This publicly shared statement, filled with self-mockery, ultimately became part of the court filing documents and also became a widely cited warning example throughout the crypto security community.
Case Outcome and Long-Term Lessons for Crypto Security
Truglia was arrested in Manhattan in November 2018, and was then extradited to California, facing 21 felony charges. His case is a representative early example of SIM swap attacks targeting holders of high-net-worth crypto assets, and it also vividly reveals the core weakness of phone-number-based 2FA verification: the attacker doesn’t need to compromise devices—just controlling a single phone number is enough to take over a large number of associated accounts.
The case prompted the crypto community to discuss more broadly the need to upgrade verification methods, encouraging more users and institutions to move away from SMS 2FA toward authenticator apps (Authenticator App) or hardware security keys.
Frequently Asked Questions
What is a SIM swap attack, and why are crypto assets especially vulnerable?
A SIM swap attack is a social engineering method in which the attacker tricks telecommunications providers into transferring the victim’s phone number to their own SIM card. Since the reset process for most crypto exchange accounts relies on SMS verification codes, once the attacker obtains control of the number, they can completely bypass 2FA, making crypto assets a highly fragile target.
What impact did Michael Terpin’s case have on crypto security?
Terpin’s lawsuit against Truglia is one of the most representative SIM swap cases in crypto security history. It drove widespread discussion across the industry about assigning responsibility to telecommunications providers, and it also pushed the crypto community to more actively advocate abandoning SMS 2FA and switching to safer hardware-based verification solutions.
How can you effectively defend against SIM swap attacks?
Key protections include: replacing SMS 2FA with a hardware security key or an authenticator app; requesting SIM lock settings or an account PIN from telecommunications providers; avoiding directly linking important crypto asset accounts to phone numbers; and regularly reviewing the verification methods of all accounts to reduce asset exposure if a phone number is transferred away.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Arbitrum Security Council Freezes 30,766 ETH From KelpDAO Exploit, 9 of 12 Members Vote in Favor
Arbitrum froze 30,766 ETH from the KelpDAO hack, worked with law enforcement, and recovered about a quarter of assets, while locking funds pending governance amid decentralization versus security debates.
Abstract: This article reports that the Arbitrum Security Council froze 30,766 ETH (about $70 million) tied to the KelpDAO exploit, with nine of twelve votes, and moved funds to a secure wallet in coordination with law enforcement. The operation targeted only affected assets to minimize network disruption. The exploiter is suspected to be DPRK-associated. The breach began April 18 via a LayerZero-powered bridge, draining 116,500 rsETH (~$292 million). About a quarter of stolen assets have been recovered. The frozen funds will remain locked until governance and legal authorities decide the next steps, prompting debate over decentralization versus security.
GateNews24m ago
Korean National Tax Service Launches Crypto Tax-Evasion Crackdown in July: Even Self-Custody Wallets and Mixing Services Can Be Traced
According to a report by ZDNet Korea, South Korea’s National Tax Service (NTS) issued on April 15 a procurement notice for a “virtual asset tax evasion response and transaction tracking software,” with plans to complete system selection by the end of May, deploy it in June, and officially launch it in July. The new system will be able to track self-custodied (non-custodial) wallets such as MetaMask and Phantom, and will include “demixing” technology to enforce tax evasion against offenders who use mixers to conceal the flow of funds.
This is the third upgrade to South Korea’s crypto tax investigation tracking system since 2024. In conjunction with new tax legislation that, starting in 2026, will formally bring crypto assets under taxation under the “Other Income” category of the comprehensive income tax, enforcement tools are being upgraded at the same time to improve collection efficiency.
Procurement scope: Chainalysis and TRM
ChainNewsAbmedia1h ago
South Korea's Tax Authority Introduces Crypto Tracking Software to Monitor Tax Evasion, Including Non-Custodial Wallets
Gate News message, April 21 — South Korea's National Tax Service announced on April 15 that it plans to deploy crypto asset tracking software from firms including Chainalysis and TRM Labs to monitor cryptocurrency transactions in real time, trace hidden assets of suspected tax evaders, and combat mo
GateNews1h ago
Arbitrum emergency freezes KelpDAO hacker’s 30,766 ETH
Arbitrum’s Security Committee announced on April 21 that it has taken emergency action to freeze 30,766 ETH on the Arbitrum One chain related to the KelpDAO hacker attack. With assistance from law enforcement agencies, the Security Committee confirmed the attacker’s identity and devised a technical plan to transfer the funds to an interim freeze wallet without affecting any other chain state or Arbitrum users.
MarketWhisper3h ago
DefiLlama denies exaggerated claims about the metrics, saying that Aave data has been excluded from the circulating liquidity calculation
KelpDAO’s vulnerability caused Aave’s total value locked (TVL) to fall from $26.4 billion on April 18, 2026, to about $17 billion on April 21, and after DefiLlama founder 0xngmi officially responded on the X platform to accusations that its Aave TVL figures were inflated by circular liquidity, he said that the amount of borrowed tokens has been deducted from the TVL.
MarketWhisper5h ago
Chinese National Arrested at Buenos Aires Airport for $49.4M Crypto Fraud Scheme
A Chinese national was arrested in Argentina for carrying a forged Paraguayan passport. He is wanted for orchestrating a $49.4 million cryptocurrency fraud in Nigeria, and extradition proceedings are being initiated.
GateNews8h ago
