SIM swapping is a type of identity theft where scammers hijack your phone number by tricking your mobile provider into transferring it to their own device. It’s a fan-favorite among crypto thieves, as unfortunately, many fall for this tactic. In one of the most notorious SIM swaps, scammers stole a massive crypto fortune from a renowned crypto investor. And what was the fate of the crime? Nicholas Truglia crypto was sentenced to 18 months in prison and ordered to pay $20,379,007 in restitution for his role in a 2018 SIM swap attack where hackers stole $23.8 million in crypto from investor Michael Terpin. The prosecution declares that he laundered the stolen funds by converting them into Bitcoin, keeping at least $673,000 for himself.
Nicholas Truglia: The Man Behind The Scam
Not much is known about Nicholas Truglia and his upbringing. What we know for sure is that he’s lived a lavish life up until his arrest: 25-year-old NYC resident Chris David filed an affidavit that gives us a lot of context on what kind of person Truglia is.
Prior to scamming Michael Terpin, Truglia met David in a San Francisco fitness center. They started chatting about private jets and crypto in general, and soon enough, Truglia began bragging about his riches: he showed proof of holding over $7 million in cash and another $12 million in cryptocurrencies. But that was not all. Truglia also boasted with two Trezors, containing a grand total of over $60 million in various cryptocurrencies. According to his claims, he’s acquired his fortune via mining crypto, but as David got to know Truglia, he became increasingly suspicious. Truglia didn’t have a job: he woke up late, went to the gym, ate out, and played video games until late at night. While hanging out with David, he bragged about his $6,000 per month apartment, an allegedly $100,000 Rolex, or his plans to buy a $250,000 McLaren sports car. As David uncovered the Nicholas Truglia crypto scam, the glamorous facade fell apart quickly.
David witnessed Truglia trying to SIM swap at an AT&T store. Before arriving at the store, he managed to add his name to an account that belonged to someone else. Truglia persuaded the employee to give access to the account by showing the phone number and the PIN code, and even though he couldn’t provide any ID belonging to that account, the employee was satisfied with Truglia’s passport as verification. Hilariously, the scammed account had an overdue balance, which Truglia refused to pay off. David said this was the only reason he didn’t go through with the SIM swap attack.
But it gets darker. Truglia scammed left and right, and no one was safe. Here’s a rundown of his victims - the last one might surprise you:
- Michael Terpin. The renowned crypto investor and founder of half a dozen tech ventures fell to Truglia & Co’s SIM swap in 2018. We’ll unpack this case below, but the bottom line is that this $24 million theft was finally what caught up to Truglia, resulting in his 18-month prison sentence.
- Robert Ross. A father of two, he got his account hacked by Truglia: the scammer scooped up $500,000 from his Coinbase account and another half million from his Gemini account. Ross kept his life savings in these accounts and planned to give everything to his kids once they grew up; instead, authorities could recover only $300,000 from the stolen funds. Ross later started stopsimcrime.org, an advocacy site for raising awareness.
- Various victims. Although he couldn’t steal any funds from several people, Truglia did hack into the phones of Saswata Basu, CEO of the blockchain storage service 0Chain; hedge-funder Myles Danielsen, vice president of Hall Capital Partners; and Gabrielle Katsnelson, the co-founder of the startup SMBX.
- His own father. Should we elaborate? Truglia scammed his own father to the tune of $15,000. Once busted, he agreed to repay him, but in BTC. Davis took a screenshot of Truglia’s dad’s frustration as he tried to understand how he could get his money back:
Truglia’s father puzzled over how BTC works
It shouldn’t come as a surprise, but Truglia’s shady actions weren’t limited to SIM swaps. David claimed in his affidavit that he saw Truglia possessing a fake New York State driving license. It had the name and information of a deceased person, Quention Capobianco, but with Truglia’s photo swapped for Capobianco’s.
Forging a fake driving license by using a dead person’s personal information is a signature Truglia move
On top of all that, after serving his time, he was arrested once again in Florida in 2023 for fraud and gun charges. He also admitted to the Ross scam, with the case still ongoing. If found guilty, Truglia is facing several years in prison as a repeat offender.
What’s a SIM Swap Attack And How To Avoid It?
During a SIM swap, the scammer convinces your mobile provider to port your phone number to their device. Once they have access to your calls and messages, they can easily access sensitive accounts with two-factor authentication.
To do this, the scammer first needs some sort of personal information to impersonate you at your provider’s store. So, the first step in SIM swapping is getting one or more of these personal details from you. You might get a dodgy email asking for sensitive data; it can be an unknown caller can be posing as your provider; or the scammer can simply buy these data from criminals. Alternatively, the thief can collaborate with a store clerk by bribing them in return for exposing your sensitive data.
When that happens, you don’t have any reception, you can’t initiate calls, receive messages, or access the internet. At this point, the scammer has transferred your phone number to their SIM card, locking you out of your phone and your personal data with it. To complete the scam, the thief simply hits “forget password” in any of your accounts, then resets your password using 2FA, and then you’re at the scammer’s mercy. If you lose any funds (crypto or fiat money) or access to your socials, you might never get any of it back. So, how to defend against SIM swapping?
- Use app-based 2FA. Instead of text message IDs, use Two-Factor Authentication to prove your identity within a dedicated app like Google & Microsoft Authenticator.
- Set an extra PIN. Most carriers allow you to set a security PIN code to carry out sensitive account changes.
- Be secretive. When it comes to passcodes, passwords, unlock patterns, PINs, and even stuff like your birthday and phone number, keep them to yourself. Don’t publicize sensitive information that can be used against you.
- Strong passwords. Yes, it can be that simple. Strong passwords are hard to crack. You can use password managing tools to generate complex passwords. Be sure to update them regularly.
- Toggle alerts on. Any notification from your bank, your crypto exchange, email provider, etc. should be on. This can help you react fast if things go South.
The FCC (Federal Communications Commission) in the USA has recently adopted a set of new rules to defend against SIM swap attacks. The revised rules now require wireless providers to adopt secure methods of authenticating a customer before redirecting a phone number to a new device or provider. Whenever such attempt is made, customers need to be notified about it, and the provider needs to take extra steps to protect against SIM swaps.
The Nicholas Truglia SIM Swap: How It Played Out
Despite his young age (27 at the time of writing this article and only 20 during the Terpin scam), Truglia engaged in several scams. The Nicholas Truglia SIM swap scams included the theft of $23.8 million from Michael Terpin in 2018, $1 million from San Francisco executive Robert Ross, and attacks on at least six other Bay Area executives, including 0Chain CEO Saswatu Basu, SMBX co-founder Gabrielle Katsnelson, and hedge funder Myles Danielsen. He was involved in scams that stole over $100 million in crypto and built a $53 million net worth largely from the proceeds. Truglia worked with Ellis Pinsky, who was only 15 at the time and yet he was the mastermind behind this scam - Truglia was merely the money launderer in their formation.
According to Terpin’s lawsuit, Pinsky, the mastermind, and Truglia, the money launderer stole almost $24 million worth of cryptocurrency via SIM swapping his mobile account at AT&T back in 2018. Terpin is also pursuing a $200 million civil lawsuit against AT&T related to the theft, accusing the provider of negligence. Terpin shares how in January 2018, someone requested an authorized SIM swap on his account, causing the phone to go dead and prompting the device to forward all messages and calls to the attackers’ phone. With the SIM swap done, the scammers could access Terpin’s crypto accounts and pocketed almost $24 million.
Often bragging about his lavish lifestyle, the consequences of his actions soon caught up to Nicholas Truglia
Here’s how it happened from the scammer team’s point of view. The entire thing was orchestrated by Ellis Pinsky, a 15-year old hacker. He bribed an AT&T employee to bypass security measures and transfer Terpin’s phone number to a device held by Pinsky. This allowed Pinsky to reset Terpin’s password to his Microsoft OneDrive. While browsing through it, Pinsky discovered access credentials to Terpin’s crypto wallets. Using this information, the teenage scammer transferred $24 million to Truglia’s own account. Truglia then converted the crypto assets to BTC, and then split the sum and shared it with participants of the scam, keeping some of the stolen money to himself.
From Terpin’s point of view, things looked bleak. He soon learned that his password was changed remotely after someone tried to reset it 11 times in AT&T stores. The provider suggested using his unique PIN code that is required before making any account changes, but Terpin didn’t know that one store employee helped the attackers unknowingly by bypassing this code. This makes the negligence lawsuit a bit more understandable: Terpin argues that customers should understand that their unique code is not needed exclusively for making account changes. AT&T declined to comment and looks forward to disputing Terpin’s claims in court.
That civil lawsuit is still ongoing, but what was the verdict in the Nicholas Truglia crypto scam in court?
Nicholas Truglia Sentence: Justice Served?
Truglia was originally arrested on suspicion of SIM swapping and stealing $1 million from Robert Ross, but his bail hearing included crucial information that eventually got him convicted. The Nicholas Truglia sentence was 18 months in prison with three years of supervised release after he pled guilty to one count of conspiracy to commit wire fraud, leading to the dismissal of a second count: conspiracy to commit money laundering. He was ordered to pay $20,379,007 in restitution to the victim within 60 days.
Eventually, the Ross case got him caught, but his bail hearing made the Nicholas Truglia crypto case worse. So, what implicated him in the Terpin scam? Incredibly, evidence showed that Truglia bragged to his father (whom he also scammed earlier) and friends about the $24 million scam on the day Terpin lost the same amount of money. He even offered to take his buddies to the Super Bowl with “porn star escorts”.
Chris David also provided a couple of screenshots of a Twitter account that allegedly belongs to Truglia. @erupts laments about the hardships stealing $24 million has brought upon him:
Confessions of a con man: Nicholas Truglia pouring his heart out after the scam
Although these tweets provide no hard evidence, they give us a sobering picture of how the mind of a notorious scam artist works. But how was his sentence carried out? He was released after serving 12 months for good behavior back in January 2023, but that’s the only positive development about his actions since. He missed the court-ordered deadline of January 30, 2023, to pay the $20.38 million restitution to Michael Terpin. In fact, he has failed to pay any of the restitutions as of today, which started to worry prosecutors that Truglia is either concealing his assets or is willfully refusing to pay. By the end of 2023, evidence was presented that Truglia was engaging in an “elaborate and fraudulent scheme” to avoid restitution.
They presented a Trezor hardware wallet allegedly controlled by Truglia that contained a hefty sum of BTC - around 3,196, or well over $100 million at that time. Truglia claimed he couldn’t access the wallet, and his attorney argued that he had lost the key and was genuinely unable to access his funds. The defense fell flat, though: prosecution pointed to the luxurious lifestyle Truglia kept living, which contradicts Truglia’s statements about not having any funds.
On February 29, 2024, a judge concluded that Truglia had the means to pay but refused to do so. He also ordered the scammer to be imprisoned until he either paid off the restitution he owed Terpin or proved his inability to pay. After several months, the same judge issued an order to release Truglia as he believed that it might be easier to get Truglia to pay restitution while he was free. This was not going to happen, sadly. At the end of 2024, the court scheduled a resentencing hearing for March 19, 2025. This was rescheduled to April 8, 2025, to give Truglia some extra time to submit financial details on his crypto assets.
Being already convicted in one major scam and facing multiple new charges, Truglia has yet to pay restitution and now faces a longer prison sentence than the first time.
Additional Notorious SIM Swaps
SIM swaps are simple, low-resource, and very effective scams, so it’s no wonder they are one of the most common digital scams nowadays. Other than the Nicholas Truglia crypto scam, our experts at PlasBit picked some of the most notorious ones:
$400 million stolen. In what might be the USA’s largest SIM swap scheme, a recent indictment tells us about a Chicago man and his friends who stole over $400 million in crypto. The “Powell SIM Swapping Crew”, including Robert Powell, Carter Rohn, and Emily Hernandez, conspired to gain access to victims’ devices and carry out SIM swap attacks. Powell’s crew used ID card printers to forge documents and then posed as their victims in Apple, AT&T, Verizon, and T-Mobile stores. Although many targets didn’t get anything stolen, one victim lost $400 million to Powell’s criminal activities. Other victims lost amounts of $15,000 to over $1 million, while Powell & Co. are currently awaiting trial.
$33 million settlement. Another ugly case involves Joseph “John” Jones, who lost 1,500 BTC and 60,000 in Bitcoin cash in 2020. The scammer performed a SIM swap despite T-Mobile providing an 8-digit security PIN to avoid this kind of swap. It was revealed that the fraudsters were never actually required to provide this security key, and even though we’ll never know who did the swap and how, T-Mobile decided to settle the case, paying $26.6 million to Jones plus another $6.5 million in attorney fees. While the provider tried to keep the details a secret, the law firm made the case public to demonstrate the serious danger SIM swaps pose.
$38,000 lost for good. One day in September 2024, California resident Justin Chan started receiving weird notifications on his phone. He soon realized that there was no reception, and he couldn’t initiate calls or access the internet. Soon enough, Chan realized he had lost more than just network access. According to his bank statements, he has wired $38,000, split into three wire transfers. He claimed that he never wired any money out of his bank as those funds were set aside for his mother. The bank denied his fraud claim, and Chan lost the money for good.
From kidnapping to crypto theft. A Connecticut couple was cruising through the town of Danbury when six men forced them out of their brand new Lambo SUV, put them in a van, and bound them. Thankfully, witnesses alerted the police, the perpetrators were caught, and the couple was rescued. Things took an unexpected turn at this point: according to one of the assailants, one of their targets’ sons had access to a massive amount of crypto assets, and they were planning to extort some money as ransom. Just two weeks before the kidnapping, unknown thieves stole $240 million worth of BTC and went on an extravagant shopping spree. While authorities refused to link the two cases initially, the massive fraud was soon uncovered, and some of the scammers were also named, and there were just too many signs that the petty kidnappers did indeed catch the guy whose son recently scammed people for thousands of BTC.
Nicholas Truglia Net Worth: A Dwindling Fortune
It’s hard to put a pin on a scammer’s fortunes who doesn’t admit to all his crimes and keeps his money in various currencies and accounts. Nicholas Truglia net worth is $53 million, as revealed by prosecutors during his 2022 sentencing. It includes digital currencies, jewelry, and art, mainly acquired from stealing and scamming. But after being ordered to pay more than $20 million in restitution, his net worth is expected to be significantly reduced to $30 million.
Since he usually worked in a team, it’s tough to track down how much each scam yielded him: what we know for sure is that he pocketed $673,000 for scamming Michael Terpin. His recent activities and return to crime suggest that Truglia still needs the money even if he has some of his stolen fortune left. We'll probably never know whether this is due to his dire financial situation or an insatiable need to steal.
Nicholas Truglia: The Moral of the Story
Truglia started doing cyber crimes at an early age. In the hopes of posing with immense wealth, he picked the easy and unlawful way. The fact that he has continuously tried scamming people and has never shown a shadow of a doubt only justifies the time he’s already spent in prison. Some scam artists like Jeremy Cahen try to maintain a sparkly image of themselves as edgy thinkers or progressive thought leaders of the crypto world, but we think at PlasBit that Truglia is different. His actions were always intentionally ill-intentioned, and his criminal activities after his release show little hope that he’d ever change his ways.
