T-Mobile has quietly agreed to a $33 million payout after a damaging SIM swap attack led to a massive cryptocurrency theft. The settlement came through private arbitration and sheds new light on ongoing security flaws plaguing the telecom industry.
Los Angeles law firm Greenberg Glusker announced that it had secured the $33 million arbitration award against T-Mobile, following the carrier’s role in a high-profile SIM swapping case. The firm argued that the incident resulted from multiple security breakdowns within T-Mobile’s internal systems.
What is a SIM Swap Attack?
A SIM swap attack happens when cybercriminals trick a mobile carrier into transferring a target’s phone number to a new SIM card under the attacker’s control. Once the number is hijacked, the hacker can bypass two-factor authentication and reset passwords to gain access to email, banking, and crypto accounts.
These attacks have been on the rise, with victims often losing access to critical accounts in minutes.
How T-Mobile Was Compromised
The arbitration centered on an incident dating back to February 21, 2020. On that day, a T-Mobile employee ported the number of entrepreneur Joseph “Josh” Jones to a SIM card controlled by a threat actor. Despite enhanced security on Jones’ account—including an eight-digit PIN—his protections failed.
The result? Over 1,500 Bitcoin and 60,000 Bitcoin Cash were stolen—worth about $38 million at the time.
Jones and his legal team suspect the attackers may have used a backdoor in T-Mobile’s system to bypass authentication measures. The case, previously kept under wraps since late 2023, highlights long-standing vulnerabilities in telecom security practices.
Behind the Attack: A Teen Hacker and Notorious Twitter Hijackers
Law enforcement traced the breach to a 17-year-old with ADHD, who had ties to known hackers Nima Fazeli and Joseph O’Connor. These individuals were linked to the infamous 2020 Twitter hack that compromised 130 accounts—including those of Elon Musk, Jeff Bezos, and Joe Biden—and hijacked 45 of them.
This wasn’t an isolated incident. In 2022, another hacker was sentenced for stealing $20 million in crypto using SIM swapping. And in 2023, companies like FTX, BlockFi, and Genesis suffered data breaches linked to a similar SIM swap attack involving risk firm Kroll and—once again—T-Mobile.
Telecom Giants Under Pressure to Act
While T-Mobile has yet to issue a statement regarding the arbitration ruling, critics argue the incident is part of a broader failure across the wireless industry to prioritize customer security.
“SIM swapping has been an unchecked security flaw for years. Carriers like T-Mobile have known about it and failed to take basic precautions,” said attorney Paul Blechner of Greenberg Glusker. “This award makes it clear: they must do better.”
Despite repeated warnings and growing losses, carriers have been slow to roll out robust safeguards. A 2020 study revealed that all major U.S. carriers were vulnerable to SIM swap attacks.
In response, the FCC introduced new rules in 2023 aimed at curbing the threat. And just last month, anti-fraud startup Aduna announced a partnership with AT&T, Verizon, and T-Mobile to boost defenses and protect consumers.
