Gregg Bennett, a SIM-swap hack victim and angel investor, sued cryptocurrency exchange Bittrex over allegedly allowing the theft of nearly $1 million in Bitcoin (BTC).

According to a press release published on Oct. 30, Bennett believes the exchange violated its own security standards and allowed hackers to steal his cryptocurrency in April. The lawsuit, filed in King County Superior Court, suggests that the exchange committed “unfair and deceptive acts that misrepresented its level of security."

A SIM-swapping attack

The hackers reportedly took control of Bennett’s mobile number and then used it to access his online accounts, including Bittrex, on April 15. The cybercriminals then allegedly sold the Bitcoin for other crypto assets at below-market prices and transferred the funds to an account under their control.

Bennett claims that he realized that he was under attack, but the exchange failed to react for nearly two hours, which allegedly allowed the attackers to steal his funds. Per the release, the hackers tried to withdraw more funds, but by then the exchange had already reacted to Bennett’s emails — the only way the exchange can be contacted, according to the lawsuit.

Red flags allegedly ignored

Dan Kittle, who works at Lane Powell — the law firm representing Bennett — said:

“As alleged in our complaint, Bittrex ignored a number of red flags warning Bittrex that the person initiating the withdrawal was not Gregg Bennett. [...] We plan to show in court that Bittrex either ignored or was unaware of standard industry safeguards to prevent hacks just like this.”

The exchange reportedly ignored that the hacker used a different operating system and a suspicious IP address. Furthermore, the exchange allegedly did not impose a 24-hour hold period on the account’s funds after the password change. Bennett commented:

“Bittrex was bamboozled by hackers who should have been as visible as thieves wearing masks and carrying guns. [...] I am asking for Bittrex to do the right thing by plugging what I see as gaping holes in their approach to security, and to return my coin to me.”

Bennett also explained that Bittrex and its owner Bill Shihara were difficult to convince that he was actually hacked, stating:

“I am going to do everything I can to hold those responsible accountable for their actions, so other people aren’t victims of similar negligence.”

As Cointelegraph reported last month, SIM swapping victim Michael Terpin wrote an open letter to the United States Federal Communication Commission Chairman Ajit Pai requesting action to render such attacks impossible in the future.