19 year old Yousef Selassie has been indicted by New York prosecutors, charged with performing SIM swaps to take control of the accounts of 75 phone subscribers, and then stealing over USD1mn of cryptocurrency from two of his victims. An announcement by the New York District Attorney states:
…between January 20 and May 19, 2019, Selassie fraudulently transferred the cell phone numbers of at least 75 different individuals across the United States, including New York County, to Apple iPhones in his possession. Selassie then circumvented two-factor authentication security measures to access the victims’ online accounts, by requesting that recovery codes be texted to the phone numbers already associated with those online accounts – phone numbers which he now controlled.
Targets were allegedly chosen for the wealth they held in cryptocurrency.
Selassie accessed the victims’ online accounts, including but not limited to Gmail, Yahoo, and Dropbox, in order to determine whether the victims maintained cryptocurrency accounts. In some instances, Selassie also changed the passwords on accounts to prevent the victims from regaining control. As alleged, Selassie intentionally selected and targeted victims known to be active in cryptocurrency, due in part to the inherent difficulty in tracing the theft and transfer of cryptocurrency. In total, Selassie accessed accounts belonging to victims in 20 different states, and stole more than $1 million in cryptocurrency.
Selassie’s homes in California and New York were both searched. Court papers said the searches yielded a handwritten note of a seed phrase for a cryptocurrency wallet and other incriminating evidence. The authorities also found six iPhones, two Rolex watches, and custom-made jewelry which had been purchased using Bitcoin.
Selassie plead not guilty at the Manhattan Supreme Court to 87 counts, including Grand Larceny and Identity Theft.
