US-based cryptocurrency exchange Bittrex has found itself under fire for allegedly failing to prevent the theft of 100 Bitcoin by a thief performing a SIM-swap attack.
Angel investor Gregg Bennett has taken Bittrex to court alleging that it did not take adequate measures after he alerted the exchange of the hack.
SIM swapping is an increasingly popular hacking method that involves the hacker obtaining the victim’s mobile phone SIM card and using it to gain access to important accounts and passwords by impersonating the true owner.
Bennett is claiming that Bittrex went against its own security protocols and failed to take immediate action following the notification that his account was being hacked on April 15, 2019.
He states that the rogue actors began the attack from a suspicious IP address and operating system.
He believes both of these factors should have served as red flags to the exchange that someone was trying to compromise his wallet.
Bennett alerted the exchange himself but alleges Bittrex ignored his warning for two hours, allowing the thief to continue draining his account.
The hacker attempted a subsequent heist the next day, but by this time the exchange had responded to Bennett’s emails. The suit claims that this is the only way Bittrex accepts requests from depositors, even in emergencies.
The angel investor’s lawyers have also slated Bittrex for its failure to enforce a 24-hour withdrawal embargo on Bennett’s account after he changed his password and two-factor authentication (2FA) details.
The victim’s troubles didn’t end there either.
“Trying to convince Bittrex and Bittrex owner Bill Shihara that I was hacked also took a colossal effort,” Bennett revealed.
“I had to virtually knock down Bill’s door for the company to take my issue seriously and acknowledge that they’d been duped by the hackers.
“Had Bittrex shown the hackers half of the suspicion they showed me, we wouldn’t be filing this suit.”
Interested in reading more cryptocurrency theft-related stories? Discover more about crypto scammers using YouTube live streams to defraud victims.]