As you’ve probably gathered from the title, we’re going to talk about a heist, but not just any heist. While it’s not as glamorous as robbing a casino in Ocean’s Eleven, this one involved something that can happen to anyone if they’re not careful and that something is SIM swapping. If you don’t know what that is, it’s a type of identity theft where a hacker manages to fool the mobile carrier into transferring the victim’s phone number to a criminal’s SIM card. Also known as SIM hijacking, it's a very malicious attack (as they all are) that, if successful, basically completely takes over the victim’s mobile identity with all of their SMS messages and phone calls. This all starts with a cybercriminal obtaining personal details about an individual, either via social media, phishing, or some other criminal activity, and then using that info to convince the mobile provider to transfer that person’s phone number to a new SIM. Unfortunately, this is a fairly common trick that crops up every so often. A few years ago, the FBI reported that SIM swap attacks resulted in over $72 million in losses in the US between 2018 and 2021. Reasons for this vary, but it can primarily be attributed to people posting all kinds of information they shouldn’t on the platforms such as Facebook and X, in addition to personal data leaks. Also, widespread use of SMS-based 2FA Likely contributed as well, considering that type of security is very insecure. You see, SMS messages aren’t encrypted and aren’t that hard to access for skilled hackers since phone companies generally don’t have that good of a protection.
What’s worse, it can take less than 10 minutes to fully compromise someone's identity and financial accounts. If you frequently follow what the PlasBit team writes about, you may already have guessed that crypto enthusiasts are particularly vulnerable. That is due to the fact that crypto assets can be transferred very quickly with little trace, and many crypto wallets are protected by SMS 2FA, which in reality isn’t that secure. This brings us to Michael Terpin and his case, where he lost $24 million worth of cryptocurrency through a SIM swap attack. Rather, it brings us to the person behind it and the crux of this article. So, who’s Ellis Pinsky Baby Al Capone? He is a teen hacker who orchestrated a SIM swap attack against crypto investor Michael Terpin and stole $24 million in crypto at age 15, gaining access to Terpin’s phone number through social engineering and by bribing AT&T employees, stealing millions in TRIG tokens and laundering them into Bitcoin. Although he was never criminally charged due to his age and cooperation with authorities, he agreed to a $22 million civil settlement and to testify against AT&T when Terpin took the company to court, accusing them of gross negligence in enabling the hack.
Terpin with his wife Maxine (Image credit: Erika P. Rodriguez for Bloomberg Businessweek)
Kids these days… But there’s a lot more to this crypto theft, and we aim to go scratch well beneath the veneer, so stick around,we’re sure you’ll like the story.
Now, on to the juicy bits.
The Kid Hacker
While Pinsky was only 15 years old when the theft occurred, he already had a somewhat eventful life, for better or worse. When he was a child, his family immigrated from Russia, eventually settling in Irvington, New York. During that time, while Pinsky was 11, he spent time playing “Call of Duty: Ghosts” on Xbox One and being an active member in the Xbox Live online lobbies. That is where and when his hacking chops started to develop. It all began when, during one of his online Xbox activities, someone asked him about the weather in Irvington. Pinsky, naturally, got startled and logged off, realizing someone knew where he was from. But his curiosity was bigger than his worry, so he asked around and found out about a free program called Wireshark, which could be used to identify the IP address of an incoming network connection. When combined with a Google search of that IP, one can get an approximate location. It was that very revelation for the young Pinsky that triggered his curiosity to the point he wanted to learn more about such methods and internet secrets, so he quickly found out that there were indeed people who knew a lot about such things. More importantly, they were willing to share their knowledge for a price, of course.
Ellis Pinsky talking to a police officer
This quest led him to several shady personas, and one of them was a Twitter profile of a user called Ferno. Pinsky asked Ferno to teach him hacking skills and black hat tools, and to his surprise, Ferno agreed, but only if Pinsky would use those skills to help Ferno by tracking down some information. Naturally, the sketchy user didn’t say that would involve tracking social security numbers and similar important information, and Pinsky didn’t ask (‘ignorance is bliss’ kind of a deal). As such, during his mentoring, he learned quite a bit, including how to commit a DDoS attack and ISP doxing (a type of social engineering, where hackers steal your IP address and trick the internet service provider into giving them all kinds of private information). Mind you, Pinsky was 13 when he learned all of this, until he eventually lost interest in Ferno and his group of little hackers, mainly because he realized that most of them were just using programs created by others. Just think how unimpressed he must’ve been once he realized it barely requires any real skills. So, the Baby Al Capone turned to OGUsers, a forum teeming with all kinds of hackers with far more advanced skills, exactly what Pinsky was looking for. It didn’t take long until he was making waves on the forum, progressing fast, even above any mentors he had. Shortly after, Pinsky started to learn how to program and code so he could successfully attack companies’ databases, which he soon did, making him a valuable member of the OGUsers forum. Interestingly enough, due to his heritage, he got along nicely with Russian hackers, and by his own words, by the time he was 14, he could hack anyone.
What is the deal with Ellis Pinsky Irvington
Every hacker needs a secret residence where they can do their thing, and Pinsky was no different. Granted, it wasn’t much of a secret since it was his parents' house, but as a teen, he didn’t have a choice. As such, you might wonder what is the deal with Ellis Pinsky Irvington? Ellis Pinsky Irvington is the name of the town from which he is from, growing up in a middle-class home in Irvington an upscale suburb in Westchester County, New York, 25 miles north of Manhattan, he appeared to live a regular life, running track and playing soccer at school, but in reality, he led a team of hackers who used the notorious SIM swap scam to steal $24 million from crypto investor Michael Terpin.
When Harry met Pinsky…
Funnily enough, it looks like Barack Obama was the reason Pinsky learned about the new method called SIM swapping. To be more precise, the then-US president wrote an op-ed in The Wall Street Journal, where he mentioned two-factor authentication. Being a novel thing at the time, this security method was giving headaches to hackers. Pinsky stumbled upon this article and ultimately learned about the method behind the fraud. He worked fast, figuring out how to trick or persuade employees at wireless carriers to do the old switcheroo with SIM cards, so he’d be the one controlling the phone when the 2FA was activated. Shockingly, Pinsky admitted that he pretty much had employees from all major carrier companies working for him, so apparently, corporate greed isn’t affecting just the top brass. Anyway, as he and other hackers soon realized what could be done with this, their eyes were set on cryptocurrencies. The reason was fairly simple, as it always is - money.
This was the beginning of the infamous crypto theft, which eventually earned him the name Ellis Pinsky Baby Al Capone. Sometime in early 2018, he was contacted by a guy named Harry, asking him to hack an AT&T phone. The owner of that phone was Michael Terpin, an early crypto investor who amassed substantial crypto holdings. Harry provided Pinsky with an email address and a phone number, leaving the young hacker to figure out how to pull this off. With help from his AT&T contacts, an employee issued a new SIM card programmed with Terpin’s number, giving him full control over Terpin’s calls and text messages. What followed was Pinsky and Harry resetting Terpin’s email password, with the young hacker also running a script to find if there were any crypto wallet keys in the emails. After a while and no progress, they struck gold, locating a file that contained various private keys. But, there were so many of them that the two didn’t know which one was which, and Terpin would sooner or later figure out what was happening and cut them off at the source. In the end, they managed to unlock one wallet that contained around 3 million Triggers ($TRIG). At the time, one $TRIG was worth more than $7, which translates to almost $24 million.
Michael Terpin getting ready to make a diss track about Ellis Pinsky (Image credit: Gizmodo.com | DeeCee Carter/MediaPunch/IPX (AP)
Still, there was the issue of transferring that huge amount of money and coins. Doing something like that is hard to perform unnoticed or alone with no actual laundering skills. Plus, crypto exchanges put limits on daily transactions. In that regard, more people needed to be involved, as Pinsky needed to exchange all those Triggers coins for Bitcoin. Eventually, he decided to use Binance for the task. He asked around on Twitter for anyone having a Binance account or being familiar with the exchange, and subsequently managed to find about six people. He paid them between $20,000 and $50,000 to exchange the Triggers coins to Bitcoins on their accounts, which they would then forward to Pinsky’s and Harry’s accounts. Unfortunately for Pinsky, he made a grave error here. To check for himself if the money was real, some coins from Terpin's account were transferred to Pinsky’s. That action left a trail, which would bite him in the ass later on. Though to be fair, even without that move, things got complicated quickly. The market started to crash, there were a lot of fees due to large transactions, and some of the Twitter folks never returned the money to Pinsky, opting to keep it for themselves instead (oh, the irony). One such user was named ‘erupts’, and they kept one million dollars to themselves, which they were supposed to launder. When it was all said and done, Pinsky split the share with Harry and was left with 562 bitcoins, worth around $10 million at that time. For the most part, that was it. The heist was all done, there was no immediate response to it, and it seemed like the operation was a resounding success.
Enter Nicholas
Some time passed, and Pinsky had moved on with his life, going to school, learning new programming techniques, and such. Then, out of nowhere, he got a message from ‘erupts’, the same person who took $1 million for themselves. Apparently, their real name was Nicholas (Nick) Truglia. A Manhattan guy in his early twenties, Nick wanted to meet Pinsky. Reluctantly, the latter eventually agreed, bringing a high-school friend just in case. It turned out that the meeting wasn’t anything malicious, as Truglia viewed Pinsky as a mythical being. In fact, he took Pinsky and his friend to fancy restaurants, parties with models, and the usual extravagant lifestyle that’s almost a cliché at this point. Ellis Pinsky Baby Al Capone stated that he felt nervous and that he didn’t belong in those circles, especially considering how everybody was noticeably older than him. Not to mention, people knew who he was. Then, on November 14, 2018, the Regional Enforcement Allied Computer Team (REACT) came knocking on Truglia's door. They promptly arrested him for a SIM swapping theft that took place just a few weeks earlier, where $1 million was stolen. As they were searching his files, they stumbled on evidence connecting him to Michael Terpin’s $24 million. They also found Truglia’s messages on the very same day of the robbery, saying that “today my life changed forever”. Coincidentally, he was right, since many people don’t get to experience the wonders of jail time. But more on that later.
Nick Truglia enjoying life before prison (Image credit: X.com)
What was Ellis Pinsky sentence
There was a somewhat peculiar situation regarding the Ellis Pinsky sentence, as he was never criminally charged, never arrested, and never stood trial for his crimes, likely due to his age at the time of the offense and his cooperation with authorities. He returned what he claimed were the stolen assets and faced a civil lawsuit from Terpin, which concluded in October 2022, with a court judgment ordering Pinsky to pay $22 million in damages.
The ingenuity of SIM swapping
For the next few minutes, we’ll take a slight detour and explain exactly how SIM swapping works. It plays a prominent role in the tale, and here at PlasBit, we feel it’s important to cover this type of account takeover fraud and help you avoid falling victim to it. First, you need to know that each SIM card has a unique identifier, which is how mobile networks deliver phone calls and SMS to the correct mobile device. In case of the SIM swap, the compromised phone gets connected to a different SIM and all incoming network traffic is redirected. For a successful SIM swap, scammers must pretend to be the victim and persuade the carrier to move the service to a different SIM card. This can be done by saying it’s been stolen, lost, broken, or similar. Or in the case of Ellis Pinsky Baby Al Capone, bribery helps too, it seems. To complete the deception, cybercriminals also have to use the victim's personal information to prove that they are who they say they are. This kind of data tends to be purchased from data brokers found in data leaks on the dark web, obtained through spyware, or even through social media if someone is particularly careless (yeah, that happens as well).
There is an interesting study done by Princeton University in 2020 on the topic of social engineering and SIM swapping. It states that the following details are the most important to criminals, and by proxy, to safeguard:
- Financial information - stuff like credit card details, CVC, and similar
- Device details - the unique serial number of a SIM card
- Personal data - name, address, date of birth, and email address
- Call logs - dialed numbers, call dates, or even identities of call recipients
- Account credentials - passwords, PINs, security question answers (the ones everybody always forgets)
If the switcheroo is successful, the criminal can access any of the victim’s accounts that use 2FA. Nonetheless, there are some signs that may point to you being a target of SIM swapping. These include (but are not limited to) if you:
- Can’t make calls or send messages (a big red flag)
- Suddenly get an email informing you of unusual activity or get a message that your phone number is used on some other device
- Are unable to access any of your accounts
- Notice any unauthorized transactions
In case any of the above happens to you, immediately do the following:
- Contact your mobile network operator
- Reach out to your bank and secure your financial accounts
- Change passwords and disable 2FA
Now, the good news is that you can do a few things to prevent this from happening. Above all, be mindful of the personal information you leave on the internet, be it your phone number, address, full name, or birth date. Adding to that, avoid answering any messages, emails, or phone calls asking for your personal information. Any legitimate organization worth its salt won’t do this. Also, use PIN codes (and no, not the default one). This can come in handy because a good deal of cell carriers now offer Number Transfer PINS. So, in the event you get SIM-swapped, whoever did it will need your PIN first. If you’re careful, that particular bit of information won’t be easy to get.
Worth mentioning is that the Federal Communications Commission (FCC) introduced new rules in November 2023 to combat SIM swapping. The two main ones are:
- Mobile wireless providers are now required to have stronger authentication methods before any SIM changes or number porting
- Immediate customer notifications whenever a SIM change or port-out request is made
What is Ellis Pinsky age
If you didn’t gather by now, Pinsky was very young when he began his scamming way, practically becoming a master by his mid-teen years. So, what is Ellis Pinsky age? He is 22 years old as of April 2025, at the age of 15, in 2018, he orchestrated a $24 million cryptocurrency theft from investor Michael Terpin. In 2022, Pinsky, then 20, agreed to pay $22 million in damages to Terpin as part of a civil settlement. His age is something of a marvel, being that young and already managing to trick so many and steal millions. Due to our current technology-driven society, he’s far from being the only one, as we touch base on that below.
Even more teenage hackers
It’s probably unsurprising that Pinsky wasn’t the only teen hacker who did crypto scams. For instance, a little British bugger going by the name Love2Shop managed to create a fake website while not leaving his bedroom. With it, he stole numerous account details from unsuspecting internet users, which had netted him around $2.89 million in cryptocurrencies. The police did get to him, though, and seized all that money. Then we have Malone Lam (a familiar name if you’re an avid PlasBit reader), who, with the help of his friend, pulled off a $230 million crypto heist. He was caught not long after due to uncontrolled splurging of his ill-gotten gains and drawing insane amounts of attention to himself. Another kid in the US pulled a rug-pull with a memecoin. He created a Gen Z Quant memecoin on Pump.fun, and bought 51 million coins for around $350. The kid then live-streamed himself, and people started to pay attention. They bought a hefty sum of coins, making the price skyrocket. Soon after, the kid sold his stash for $30,000, and crashed the price of all the other coins, making them practically worthless. He repeated the scam two more times with two different coins, earning a total of $50,000, pretty usual stuff when it comes to memecoins, we’d say. Last but not least, we have Joel Ortiz, an 18-year-old who stole more than $7.5 million. Wonder how he did it? SIM swapping!
This time, a guy named Darren Marble was the victim. Looking at these stories, we can’t help but wonder why this is happening more often than not. There are probably many reasons, but it’s part of the times we live in. Today’s kids are incredibly tech-savvy and much more into computers than their predecessors. They’re practically born into technology. Plus, if they want to learn, they can find the necessary information on the internet, legitimately via YouTube tutorials, GitHub, or even Discord communities. Yes, social media likely plays a part too. The often unrealistic and fake lifestyles, glamor, parties, expensive things, and the like are regularly part of TikToks, Reels, and such, which kids watch and absorb like sponges. Kids being kids, especially if they’re growing up on the poor side, see a glimpse of that lifestyle and want it for themselves. Crypto plays into this nicely, because the industry seems like it’s a treasure trove for hackers, with a potential for a quick buck. Add the financial pressure a lot of youngsters feel today, and you've got a recipe for a hacking disaster. Lack of proper consequences helps as well, which we see with the Ellis Pinsky Baby Al Capone case. Non-adults get much more lenient sentences, if at all.
Too soft a punishment?
In the end, Pinsky got scott-free. Well, technically. He didn’t face any incarceration but was ordered to pay $22 million (minus the $2 million he apparently paid back in 2019) to Michael Terpin in a civil lawsuit for his role in the scam. Terpin also sued AT&T, and Pinsky’s testimony against the company helped him reduce the punishment. Considering that Nicholas Truglia got it way worse when he wasn’t even the main perpetrator in all of this, seems rather disproportionate. Sure, Truglia already being jailed on federal charges for a separate crypto theft didn’t help his standing. For his role in the Terpin’s case, he got 18 months in prison. Afterward, Pinsky went on to study computer science and economics, wanting to be an entrepreneur. Surprisingly or not, he avoided his hometown like the plague, citing that he was done with his hacking days. While he may be finito with that world, unfortunately, we’re pretty sure many more baby Al Capones are on the horizon.
