19-year-old kid hacked hundreds of phones to steal $1 million USD in cryptocurrency

In many cases young people with great intellect and hacking skills use their knowledge for questionable purposes. This is the case of a young man from Brookly, New York, who allegedly committed identity fraud that affected more than 70 people to steal about $1 million USD in cryptocurrency, all from his home, web application security experts report.

Yousef Selassie, 19, would have taken control of 75 people’s phones in 20 different states between January and May this year, the Manhattan District Attorney’s Office reports. Apparently, Selassie designed a complex campaign using an attack variant known as ‘SIM swap’ to realize identity fraud.

Thanks to this attack, Selassie transferred the victims’ phone numbers to various iPhone devices of their own, allowing them to collect the information needed to reset the victims’ passwords and gain access to Gmail accounts, addresses cryptocurrency, among other platforms. According to web application security specialists, when the attack was completed, the victims’ phones suddenly stopped working for no apparent reason.

A report by New York authorities mentions that the hacker stole the million dollars from only two online cryptocurrency wallets, indicating that the owners of those portfolios could be major investors of virtual assets. Finally Yousef Selassie was arrested on December 5 in California and sent back to New York.

This week, before the Manhattan Supreme Court, Selassie pleaded not guilty to 87 counts of grand theft, identity theft, among other crimes. The judge in charge of the case ordered the defendant to surrender his passport and undergo a supervised release program, so he will have to appear in court weekly until further notice.

When inspecting two homes in Brooklyn and California, authorities confiscated six iPhones, two Rolex watches, fine jewelry pieces, among other goods.

International Institute of Cyber Security (IICS) web application security specialists claim that SIM swap attacks have a high success rate, as threat actors only need to know a few details about the victim to deceive employees of the target telephone company and take control of a phone number with minimal effort.