Gregg Bennett, a renowned US angel investor is suing Bittrex cryptocurrency exchange over a SIM-swap hacking incident that resulted in loss estimated at over $1 million. Bennett claims that Bittrex violated its own security standards allowing the hackers to gain control of his account according to a October 30 press release. In his suit, filed in King County Superior Court, Bennett wants the exchange held liable based on their “unfair and deceptive acts that misrepresented its level of security.”
The filings indicate that initially the hackers gained control over Bennett’s phone number which they used to hack into his various online accounts including Bittrex on April, 15. Once he realized he was under attack, Bennett tried to alert the exchange but they failed to take any action for over two hours. This was time enough for the hackers to withdraw the maximum allowable 100 Bitcoin, to trade his others coins at below market price and send them to accounts they controlled. There was a failed second attempt the following day as Bittrex had acted upon his emails, the only acceptable means of contacting the exchange even for urgent customer requests.
The suit alleges that Bittrex ignored a number of red flags, which if acted upon would have prevented the loss. The exchange reportedly failed to detect a number of suspicious activities on the account such as use of different IP address, different computer operating system, and change of password. Bennett claims that the exchange failed to follow industry-standard practice of freezing withdrawals for 24 hours following a password and two-factor authentication change.
Based on the press release, Bennett believes that Bittrex did not take his issue seriously and treated him with greater suspicion than the hacker. He asserts that by filing the suit, he hopes to understand why the exchange failed to protect him and hopes that it will serve as a lesson to other exchanges on the importance of protecting their customers.