T-Mobile has lost a lawsuit and must pay $33 million in compensation to cryptocurrency hack victim Joseph “Josh” Jones, who was attacked via SIM-swapping in 2020. The attacker stole more than 1,500 BTC and 60,000 BCH — worth 38 million$ — through vulnerabilities in the mobile operator’s systems.
The court ruled that responsibility for the leak lies with T-Mobile, whose negligence in security issues allowed it to reissue a SIM card tied to Jones’ number. The attack even bypassed eight-digit PIN protection. The hack gave the attacker access to cryptocurrency wallets, ignoring two-factor authentication.
The plaintiff believes that a backdoor in the operator’s internal infrastructure was used, and not just social engineering. Greenberg Glusker, which represented Jones, said T-Mobile “hid the truth and evaded responsibility,” and the trial confirmed systemic problems in protecting customers.
The attack occurred in February 2020. Jones had enhanced account protection, but this did not save him. Lawyers pointed to the long-standing lack of reaction of telecom companies to SIM-swapping, despite numerous warnings. The court found the company guilty, ordering it to compensate $ 6.5 million in legal fees and other costs.
The decision was made in the fall of 2023, but T-Mobile tried to keep it secret until the case became public. SIM-swapping is no longer ignored, and mobile operators must be held responsible for the hacks caused by their inaction. Jones’ lawyers emphasize that the court confirmed the main thing – consumers have the right to security and transparency.
176 
182 
185 