A 19-year old man has been indicted for identity theft as part of an alleged $1+ million cryptocurrency heist affecting at least 75 victims in the United States.

A news release published on Dec. 18 by Manhattan District Attorney Cyrus R. Vance alleged that Yousef Selassie, 19, conducted a complex “SIM-swapping” scheme targeting residents across 20 different states.

SIM-swapping — also known as a port-out scam — involves the theft of a victim’s cell phone number in order to hijack their online financial and social media accounts by intercepting the automated messages or phone calls used for two-factor authentication security measures.

A nine-count indictment

As the Manhattan District Attorney’s Office news release outlines, Selassie has been indicted on nine counts, including identity theft in the first and second degrees, grand larceny in the first and fourth degrees, computer trespassing and tampering and scheming to defraud in the first degree.

In a statement, Attorney Vance said that the suspect had perpetrated the crimes from his Brooklyn apartment, illicitly accessing accounts belonging to 75 victims and siphoning over $1 million in cryptocurrency using “little more than an iPhone and computer.”

Selassie allegedly compromised online accounts in order to determine whether his targets had cryptocurrency holdings, which included — but were not limited to — Gmail, Yahoo, and Dropbox.

He is alleged, in some instances, to have changed the passwords to these accounts to prevent victims from regaining control, and to have “intentionally selected and targeted victims known to be active in cryptocurrency, due in part to the inherent difficulty in tracing the theft and transfer of cryptocurrency.”

Selassie was arrested in Corona, California, pursuant to the execution of a search warrant, which led to the authorities’ recovery of various electronic devices as well as custom-made jewelry allegedly purchased using Bitcoin (BTC).

They moreover recovered a handwritten note containing a wallet seed phrase for a cryptocurrency wallet, which, when reconstituted, linked him to a number of known victims and the theft of hundreds of thousands of dollars’ worth of cryptocurrency.

An ongoing threat

As reported, U.S. authorities charged a Pennsylvania man earlier this month with conspiracy to commit wire fraud and extortion via a series of SIM swaps targeting cryptocurrency execs and investors.

This November, members of REACT Task Force — a California-based law enforcement group dedicated to fighting cybercrime — said they consider “SIM swapping” to be among the group’s top priorities in the fight against cryptocurrency-related fraud.

Addressing SIM swapping is difficult, as the success of the culprit depends on several factors out of the initial SIM-owner’s control.

In investigating SIM-swapping heists, prosecutors have identified that telecoms employees have in some instances either intentionally abused their access to customer data or have been unwitting accomplices in sharing confidential information with perpetrators.

Michael Terpin — a blockchain and crypto investor who filed a SIM-swapping-related lawsuit against telecoms provider AT&T — likened the firm to a “a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner."