$24 million dollars, luxury watches, and the largest sim swap hack ever.
this is how teenage gamers became the most wanted cybercriminals, their entire empire collapsing from greed before they could even drive..🧁
this is how teenage gamers became the most wanted cybercriminals, their entire empire collapsing from greed before they could even drive..🧁
this story begins with ellis pinsky, who at 13, loved video games and trash-talking other players.
one night - he took the trash talking too far.
after a match, a player messaged him: "how's the weather in irvington?"
his heart sank..
one night - he took the trash talking too far.
after a match, a player messaged him: "how's the weather in irvington?"
his heart sank..
how did he know where he lived?
ellis shut off the game.
this was the next level of the game, he thought.
the internet held many secrets, and he wanted to unravel them all.
this new game of hacking stimulated him more than video games ever could..
ellis shut off the game.
this was the next level of the game, he thought.
the internet held many secrets, and he wanted to unravel them all.
this new game of hacking stimulated him more than video games ever could..
over the next few months, ellis, mentored by fellow gamer "ferno", learned how to uncover hidden information abt people online.
ferno taught him everything abt hacking in exchange for the passwords, emails, & ssns ellis retrieved.
he also introduced ellis to the ogusers forum.
ferno taught him everything abt hacking in exchange for the passwords, emails, & ssns ellis retrieved.
he also introduced ellis to the ogusers forum.
ogusers was the start of an empire for ellis.
it was a place where young hackers shared their techniques to steal valuable social media handles - which could then be sold for money.
ellis was really good at this.
his abilities quickly surpassed his mentor's.
it was a place where young hackers shared their techniques to steal valuable social media handles - which could then be sold for money.
ellis was really good at this.
his abilities quickly surpassed his mentor's.
he mastered sql injections & sim swaps.
sql injections allow you to retrieve unauthorized data from databases (such as a username or email).
whereas sim swapping involves bribing wireless carrier employees to switch a sim card from a target's phone to one in your control.
sql injections allow you to retrieve unauthorized data from databases (such as a username or email).
whereas sim swapping involves bribing wireless carrier employees to switch a sim card from a target's phone to one in your control.
combining these techniques, all ellis needed to hack was a username or email.
he could attempt to log in, hit "forgot password," then receive the 2FA code due to the sim swap.
this method allowed him to obtain terabytes of data, making him a valuable commodity on ogusers.
he could attempt to log in, hit "forgot password," then receive the 2FA code due to the sim swap.
this method allowed him to obtain terabytes of data, making him a valuable commodity on ogusers.
at 14 yrs old, he had insiders working for him at every major carrier & "could hack anyone."
it was only a matter of time until he used his powers to steal millions - not thousands of dollars.
that opportunity struck him in jan 2018, when a user named harry dmd him..
it was only a matter of time until he used his powers to steal millions - not thousands of dollars.
that opportunity struck him in jan 2018, when a user named harry dmd him..
"hey man, could you hack an at&t phone? i have a target i think is good."
this wasn't your ordinary target - it was michael terpin. you may know him as the founder of .
terpin owned hundreds of millions worth of crypto on exchanges. match.com
this wasn't your ordinary target - it was michael terpin. you may know him as the founder of .
terpin owned hundreds of millions worth of crypto on exchanges. match.com
ellis and harry wanted it.
on jan 7th, 2018, they executed their attack, right when terpin was attending a crypto conference in las vegas.
a rogue at&t employee facilitated the sim swap, and the two were in.
they reset the password to his email, then ran a script.
on jan 7th, 2018, they executed their attack, right when terpin was attending a crypto conference in las vegas.
a rogue at&t employee facilitated the sim swap, and the two were in.
they reset the password to his email, then ran a script.
it scanned his email for references to crypto passwords or private keys.
on one of terpin's outlook emails, it caught a file named "keys."
"holy shit.’ we open that file, & see that there’s just a bunch of keys to various wallets.” - pinsky recalls.
the two had just made $24m.
on one of terpin's outlook emails, it caught a file named "keys."
"holy shit.’ we open that file, & see that there’s just a bunch of keys to various wallets.” - pinsky recalls.
the two had just made $24m.
ellis used 6-7 of his friends from ogusers to help exchange the stolen funds to btc.
in return, they kept ~$20k per batch.
one of these was fellow sim swapper nicholas truglia.
however, he wasn't as compliant as the rest.
in return, they kept ~$20k per batch.
one of these was fellow sim swapper nicholas truglia.
however, he wasn't as compliant as the rest.
after an initial $500k, ellis sent him another $1m to exchange for btc.
then, he left the call.
nicholas had different plans.
he wanted all the money for himself.
& unlike ellis, he wasn't too safe abt it.
in fact, he was the reason their house of cards came tumbling down.
then, he left the call.
nicholas had different plans.
he wanted all the money for himself.
& unlike ellis, he wasn't too safe abt it.
in fact, he was the reason their house of cards came tumbling down.
nicholas was a notorious sim swapper.
although he only played a small role in the terpin incident, he was responsible for dozens of other hacks.
over the years, he gradually revealed himself to friends and unbeknownst to him - one of them was taking notes.. with a lawyer.
although he only played a small role in the terpin incident, he was responsible for dozens of other hacks.
over the years, he gradually revealed himself to friends and unbeknownst to him - one of them was taking notes.. with a lawyer.
this friend had been compiling evidence against him for months - and sharing it with terpin's lawyers.
part of this evidence includes pictures of nicholas attempting to sim swap in the act.
furthermore, law enforcement was closing in on his paper trail..
part of this evidence includes pictures of nicholas attempting to sim swap in the act.
furthermore, law enforcement was closing in on his paper trail..
in the months after the terpin hack, nicholas carried out 6 more attacks.
the react task force traced hacked funds back to wallets on coinbase.
they subpoenaed coinbase for the information..
and this is what they got:
the react task force traced hacked funds back to wallets on coinbase.
they subpoenaed coinbase for the information..
and this is what they got:
on nov 13th, 2018, they raided his apartment.
inside his icloud backup, they found messages the day of the terpin hack:
"today my life changed forever."
"i'm a millionaire i'm not kidding. i have 100 btc."
he also hired escorts & ordered them tickets to the superbowl.
inside his icloud backup, they found messages the day of the terpin hack:
"today my life changed forever."
"i'm a millionaire i'm not kidding. i have 100 btc."
he also hired escorts & ordered them tickets to the superbowl.
in 2019, terpins lawyer's submitted a civil lawsuit under the rico act.
this ordered the perpetrators to pay $72m worth in restitution to terpin - 3x the hacked amount.
however, nicholas was only responsible for less than 10% of the hacked funds.
the rest was ellis'.
this ordered the perpetrators to pay $72m worth in restitution to terpin - 3x the hacked amount.
however, nicholas was only responsible for less than 10% of the hacked funds.
the rest was ellis'.
terpin was already onto ellis.
shortly after christmas in 2018, one of his lawyers emailed ellis' mom.
the email accused ellis of being the mastermind behind the $24m hack against terpin.
after viewing the message his mom hired him a lawyer.
shortly after christmas in 2018, one of his lawyers emailed ellis' mom.
the email accused ellis of being the mastermind behind the $24m hack against terpin.
after viewing the message his mom hired him a lawyer.
w his lawyer, ellis returned what he stole in full - 562 btc, a patek watch, and $100k in cash under his bed.
however, that wasn't the end. when ellis returned the money, its value had fell to $2m.
on his 18th birthday, terpin surprised him with yet another lawsuit.
however, that wasn't the end. when ellis returned the money, its value had fell to $2m.
on his 18th birthday, terpin surprised him with yet another lawsuit.
this time requesting he's paid the usd value at the time ( > $10m) + $72m restitution.
two weeks after this news went public, 4 masked men broke into ellis' house - likely expecting to find the money.
ellis had long expected this moment, even bought a shotgun in anticipation.
two weeks after this news went public, 4 masked men broke into ellis' house - likely expecting to find the money.
ellis had long expected this moment, even bought a shotgun in anticipation.
his family was alarmed by their security system, and barricaded upstairs pointing a shotgun at the door until police came.
the fight didn't end there.
after a drawn out legal process, the two came out on favorable terms.
nicholas plead guilty to several counts of wire fraud.
the fight didn't end there.
after a drawn out legal process, the two came out on favorable terms.
nicholas plead guilty to several counts of wire fraud.
he was sentenced to 18 months & ordered to pay $20m in restitution to terpin.
he finished his sentence in 2023, & was arrested again for civil contempt after he said he did not have access to the funds to pay for restitution.
he could be held indefinitely until it's paid off.
he finished his sentence in 2023, & was arrested again for civil contempt after he said he did not have access to the funds to pay for restitution.
he could be held indefinitely until it's paid off.
ellis was too young to serve any time.
instead, he was ordered to pay an additional $22m in restitution on top of what he'd already returned.
he is currently enrolled at nyu studying computer science and philosophy.
instead, he was ordered to pay an additional $22m in restitution on top of what he'd already returned.
he is currently enrolled at nyu studying computer science and philosophy.
if you enjoyed this thread, please consider leaving a like and retweet.
and remember to be weary of the kids you talk shit to online.
they might just take all your money someday..🧁
and remember to be weary of the kids you talk shit to online.
they might just take all your money someday..🧁
• • •
Missing some Tweet in this thread? You can try to
force a refresh
