SIM swapper who stole over $16K in crypto pleads guilty to aggravated identity theft

A 20-year-old man in Pennsylvania has pleaded guilty to his involvement in a “SIM swap” and cryptocurrency theft scheme. Kyell Bryan carried out the plan in 2019 with several others. Jordan Milleson, a co-conspirator in the scheme, also pleaded guilty and was sentenced to two years in federal prison earlier this year.

So, what exactly went down? Before we get into that, let’s go over what SIM swapping is and how it usually plays out.

What is SIM swapping?

SIM swapping is a type of account takeover fraud that involves SIM cards, the small, removable chips in mobile phones that link a phone number to a device. The perpetrator steals a phone number and assigns it to a new SIM card. They usually do this by stealing data about the victim from various sources (such as scouring social media profiles, data breach leaks, phishing, and other types of social engineering), then calling up the victim’s phone provider to impersonate the victim. The perpetrator often claims that their SIM card has been compromised somehow, for example lost or destroyed, and convinces customer service representatives to reassign the number to a new SIM. The perpetrator then “verifies” themselves to be the victim using the data they stole. Once this is done, the perpetrator has access to the victim’s accounts that are linked to that phone number.

How the conspiracy played out

Using the stolen login credentials of employees at an unnamed wireless service provider, the group began executing SIM swaps. They stole these credentials by setting up fake login portals, which some employees used to log in. By doing the SIM swap, they were able to gain access to a victim’s cryptocurrency account. Bryan instructed Milleson (whom everyone knew only by a forum pseudonym at this point) to transfer the victim’s cryptocurrency, valued at $16,847.47, out of their account.

SWAT attempt leads to their discovery

Things started going south when Bryan and the rest of the group suspected that Milleson had cheated them out of their share of the stolen cryptocurrency. They uncovered Milleson’s true identity and carried out a SWAT attack on him, which involves sending emergency services to a specific location under a false claim (learn more about SWAT attacks and how dangerous they can be in our blog post). Specifically, Bryan called up the police, told them that he had shot his father and was about to shoot himself with a handgun, and gave Milleson’s home address.

The call was soon proven to be a false alarm, but the police then learned after interviewing Milleson’s relatives that someone had recently called, accusing Milleson of stealing $20,000. This eventually led to the arrest and indictment of both Bryan and Milleson. Bryan is set to be sentenced in January 2022 and faces a similar sentence to Milleson.

The threat of SIM swapping

While several perpetrators were caught in this instance, SIM swapping schemes should be on your radar, especially because SIM swapping events have reportedly increased by 600% over the past year. 

If you ever find that your SIM card suddenly no longer works and you’re unable to send or receive text messages or make calls, make sure to reach out to your mobile provider ASAP. It’s also important to contact your bank and the providers of your other sensitive accounts to alert them and ensure that no fraudulent transactions have taken place. Take preventative measures like using strong passwords, setting up a password manager, and setting up 2FA (that doesn’t use SMS) on every account you can.
