Over the past year, a legal battle has been raging on over the level of guilt that AT&T is alleged to have over several hundred cases of crypto theft that occurred on AT&T devices. This case has finally come to an end after litigating for over a year. This type of theft has become more popular in recent years as two-factor authentication becomes widely-used. Once thought to be the most effective way of securing currency in an exchange, two-factor authentication can now be taken advantage of by stealing the phone number of the cryptocurrency holder.
By owning the phone number of the account holder, a thief can receive the 2FA code that is sent to the phone and is required to log in to the exchange account. This gives them access to the account and its holdings, assuming they can gain access to the username and password, or they can get access through customer support or password recovery processes.
The plaintiff, Mr. Terpin, alleged that AT&T should have foreseen this vulnerability in the authentication process and have taken more steps to prevent others from gaining access to his and others’ phone numbers. Though the judge acknowledged that AT&T should have seen this coming, he also said that Mr. Terpin did not take full security measures into his own hands and did not make the connection between AT&T and his loss of over $24 million as the result of a breach of his account.
This week, a judge threw out the case that Mr. Terpin brought to the court and found that AT&T was not responsible for the $24 million that was lost.