Blockchain Capital's Bart Stephens Lost $6.3 Million In SIM-Swap Hack

Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Crypto Hack
Iain Martin
Forbes Staff
I'm the Forbes Europe News Editor and I cover technology.
Follow
1
Aug 21, 2023,10:59am EDT
Blockchain Capital cofounder Bart Stephens has filed a lawsuit after losing $6.3 million of bitcoin and other cryptocurrencies to an anonymous hacker in a so-called SIM-swap attack.
Blockchain Capital cofounder Bart Stephens has filed a lawsuit after losing $6.3 million of bitcoin and other cryptocurrencies to an anonymous hacker in a so-called SIM-swap attack.SAN FRANCISCO CHRONICLE VIA GETTY IMAGES
Bart Stephens, cofounder and managing partner of crypto fund Blockchain Capital who was an early and prominent evangelist for cryptocurrencies, has filed a lawsuit against an anonymous hacker who stole $6.3 million of bitcoin, ether and other cryptocurrencies from his digital wallets.

Stephens alleges that the hacker, who is identified only as Jane Doe, used personal information available online and on the dark web to bypass security checks with his cellular network provider and change account passwords in May. The hacker ordered a new cell phone after seizing control of his cellular network account, and then ported Stephen’s private cell number to a SIM in the new device, according to a lawsuit filed at the United States District Court for the Northern District of California on August 16.

This exploit is known as a SIM-swap attack, which the Federal Bureau of Investigations warned in 2022 were increasingly common and targeted at victims who were likely to own large amounts of cryptocurrency. The FBI estimates that $72 million was stolen in SIM-swap attacks last year, up from $68 million in 2021.

Stephens founded Blockchain Capital in 2013 with his brother Brad Stephens. The San Francisco-based fund has since gone on to back crypto startups like Sam Altman’s Worldcoin, Coinbase, Kraken, and NFT exchange Opensea. Blockchain Capital’s Twitter account was hacked earlier this month to promote a crypto token, according to Cointelegraph.

Stephens’ lawsuit claims that the hacker used his cell phone number to reset passwords, and pass two factor authentication tests, at several unnamed digital wallets and then “began to systematically steal plaintiff's digital assets.”

A day before the hacker moved $6.3 million to their private crypto wallets, they wrote to Stephens to brag that they could “remotely hack anyone’s phone number in the mainland U.S.” in a message sent from one of his own hacked accounts to his work email.

The hacker also tried to steal bitcoin and ethereum worth $14 million from a “custodial cold wallet” owned by Stephens but were blocked by a Blockchain Capital employee who had been notified of the withdrawal. “This notification was the first time that Plaintiff learned that Plaintiff’s [redacted] account was under attack,” Stephens’ attorney wrote in the lawsuit.

Stephens’ cell phone network only confirmed on May 15, a day after the funds were stolen, that he had been the victim of a SIM-swap attack. Around half of the funds were moved to cryptocurrency tumbler exchanges that mix digital assets which can help anonymise transactions, and make tracing stolen bitcoin and other coins harder. Stephens did not respond to a request for comment.

SIM-swap attacks typically rely on hackers manipulating or “social engineering,” tricking cell phone network customer service operators into revealing personal information about a victim. The hacker then uses that information to pass security tests needed to port a victim’s phone number to a new SIM card and phone in their control.

In one of the largest SIM-swap attacks to date, Florida man Nicholas Truglia was sentenced to 18 months in jail in December 2022 for the theft of over $20 million from crypto investors including Transform Ventures’ Michael Terpin, according to Bloomberg.

Stephens has long been an outspoken proponent of crypto and a foil to critics like JP Morgan CEO Jamie Dimon, who has repeatedly dismissed bitcoin as a fraud. “I would encourage Jamie Dimon and others to do some homework first. It is not a fraud. It is not a Ponzi scheme. It’s a robust technology that is going to impact multiple industries,” Stephens told CNBC in 2017.