AT&T Moves to Dismiss Crypto Liability Case

On December 6, defendant AT&T filed a motion to dismiss a case against it (Seth Shapiro v. AT&T Mobility, LLC 2:19-cv-08972-CBM-FFM) in the California Central District Court. Seth Shapiro is represented Pierce Bainbridge Beck Price and Hecht and AT&T is represented by  Gibson, Dunn & Crutcher.

AT&T moved to dismiss the case because for all claims, Shapiro “has failed to plausibly allege proximate cause.” The motion further explains the shortcomings in Shapiro’s case based on each claim.  AT&T moved to dismiss the request for punitive damages because “Mr. Shapiro has not pled any involvement by an ‘officer, director or managing agent’ of AT&T in any challenged conduct and has not pled the required malice, fraud or oppression.”

The original complaint was filed by Shapiro, VideoCoin Head of Strategy, in relation to a SIM swapping hack that cost more than $1.7 million worth of digital assets. Shapiro alleged that AT&T allowed hackers repeated access to his SIM card that allowed them to clean out his digital wallets. The suit stated that two previous AT&T employees were crucial to the operation.

The complaint alleged: “While third parties had control over Mr. Shapiro’s AT&T wireless number, they used that control to access and reset the passwords for Mr. Shapiro’s accounts on cryptocurrency exchange platforms… This capital… was accessed by the hackers utilizing their control over Mr. Shapiro’s AT&T wireless number.” Further, “[b]y utilizing their control over Mr. Shapiro’s AT&T cell phone number—and the control of additional accounts (such as his email) secured through that number by utilizing two-factor authentication—these third-party hackers were able to access Mr. Shapiro’s accounts on various cryptocurrency exchange platforms, including the accounts he controlled on behalf of his business venture. The hackers then transferred Mr. Shapiro’s currency from Mr. Shapiro’s accounts into accounts that they controlled. In all, they stole more than $1.8 million from Mr. Shapiro in the two consecutive SIM swap attacks on May 16, 2018.” The complaint also stated that two other cryptocurrency executives were victims of this type of attack. AT&T has denied these allegations.

AT&T’s motion to dismiss the case claimed that the SIM swap would not permit the hackers to access his accounts. Further, the motion states that his complaint is based on the inference of the events, not factual allegations. The motion stated, “it is equally plausible that the SIM swap had nothing to do with the thefts, because the SIM swap and the thefts reflect that criminals must have had pre-existing knowledge of Mr. Shapiro’s holdings and his personal information, yet the complaint lacks any allegations to explain how the SIM swap contributed to that pre-existing knowledge.” The motion also posed that there are gaps in Shapiro’s argument against AT&T and that he does not provide certain useful information. “Mr. Shapiro does not explain what security protected his funds; what information the criminals required to circumvent that security; or what, if any, of that information was obtained independent of the alleged SIM swap.”  This information would be useful to determine the link between the SIM swap and the hacked accounts if any connection exists.

An account of the events reveals the steps Shapiro took after he suspected he had been hacked.

AT&T stated that the case should be dismissed because of Shapiro’s failure to plead proximate cause. In particular, “Mr. Shapiro does not allege how accessing his phone led to the loss of $1.8 Million,” his “allegations fail because they rely on unforeseeable criminal acts.” Further, the motion stated that Mr. Shapiro’s Right to Privacy Claim under the California Constitution, his claims for negligence and negligent supervision and entrustment, his CLRA claim and his claim under the Computer Fraud and Abuse Act should be dismissed and he should not receive punitive damages.