T-Mobile user gets separated from his bitcoins, sues for carrier negligence in a phone number heist

T-Mobile user gets separated from his bitcoins, sues for carrier negligence in a phone number heist
The ongoing identity theft fraud, where scammers get a hold on your personal details, including your phone number, and try to access bank and other payment accounts you might have connected to it, has resulted in at least one lawsuit so far. One Carlos Tapang of Washington state is now blaming T-Mobile that it has "improperly allowed wrongdoers to access" his wireless account, ultimately resulting in a drain of his cryptocurrency stash after initiating a password change request.

The scam has been around for a few months already, and carriers have put warnings in their support pages for subscribers to install a second line of defense to their wireless account - a PIN code of sorts. This would have prevented the hackers from transferring Mr Tapang's T-Mobile number to another carrier, and then resetting his associated cryptocurrency account password, as they would have had to provide the PIN to transfer the number in the first place.

The thing is, Mr Tapang claims, that "T-Mobile was unable to contain this security breach until the next day," when it was too late to prevent exchanging his tokens for nearly three Bitcoins, and taking them out of his account. Granted, the price of Bitcoin on November 7th when the incident happened, is nowhere near the peaks registered just a few weeks ago, but the scammers still netted about $20,466.55 on that day.

That's all fine and dandy, and can be filed under "stuff happens," had Mr Tapang not asked T-Mobile to add the PIN in question to his account prior to the incident, he claims. He didn't follow through if the carrier actually did, though, resulting in the security number never been implemented, while he thought it were. That's the whole premise of the lawsuit, and Mr Tapang is now suing for financial and moral damages, so, word to the wise - do call and put a PIN on your wireless account, even if it takes you a few times on the phone with customer service to confirm it. Better yet, just go to a physical store, and set one up faster.

source: Law360 via The Verge



1. Arch_Fiend

Posts: 3951; Member since: Oct 03, 2015

$20K yep I would be pissed off as well!

5. worldpeace

Posts: 3135; Member since: Apr 15, 2016

$20k at that day.. And dropped under $9k yesterday.,


Posts: 2817; Member since: Oct 03, 2012

He is just plain stupid, he will not win!

3. xfire99

Posts: 1207; Member since: Mar 14, 2012

Isnt BTC wallets password protected? How could scammers get 3 BTC from his wallet?

4. L0n3n1nja

Posts: 1588; Member since: Jul 12, 2016

The end of the first paragraph. "ultimately resulting in a drain of his cryptocurrency stash after initiating a password change request." Basically they got a hold of his personal information, took it to another cell phone provider to port his number from T-Mobile to another carrier so that they had physical possession of the phone containing his number. This let them initiate a password reset doing authentication with his phone number, and allowing them access to his bitcoins.

6. collin3000

Posts: 70; Member since: Apr 28, 2015

A bitcoin hardware wallet is secure. But a ton of coins are on exchanges which essentially accept deposits like a bank and offer IOU's. However most exchanges have 2FA though and require a form of ID to be scanned in to reset a password.

7. Anonymous.

Posts: 423; Member since: Jun 15, 2016

Poor guy, I feel for him.

8. gmm6797

Posts: 7; Member since: May 15, 2010

Typo city: That's all dine and dandy

9. makatijules

Posts: 835; Member since: Dec 11, 2017

The problem is, the warnings came AFTER the fact. The subscribers were not warned beforehand. You can't warn someone of something until it is happening. So this user has a legit claim and the fact is, its the carriers jib to protect my number, not mine. My phone number is associated with my identity. Creditors and employers need such info. So it is the carriers job to prevent such from happening. If its my job to do everything, then what the hell am i paying you for? I don't see this happening on Verizon or Sprint or AT&T. How is it T-Mobile is the only one to fail? Like other OEM's, it is their job to provide security for their networks, software and more. If it fails due to know fault of YOUR own, then it is 100% automatically their fault. Any T-Mo user who lost any money shoudl all be filign a lawsuit against TMO. Because I sure would. Looks like its class action time!

13. L0n3n1nja

Posts: 1588; Member since: Jul 12, 2016

You clearly don't understand how porting a number works. T-Mobile did exactly what they are legally required to do when a port is initiated. They can't legally try and stop it of the information provided matches the account, nor would they have a reason to because they have no way of knowing this guy wasn't actually doing it himself. The only concern here is this guy claims he told T-Mobile to put a password on his account, and it didn't happen. Most wireless accounts have a pin or password, Verizon made it mandatory for all accounts a few years back, because the pin is needed for a port. However if an account doesn't have a pin, all you need is the phone number, name on the account, and a billing address. The average person has this information on social media these days.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless