Articles Posted in Cryptocurrency

Chicago-based Stoltmann Law Offices is representing investors who’ve suffered losses from firms that have not protected crypto assets. In this cyber age, some of the biggest thefts don’t involve masked robbers and guns. They happen online as thieves are increasingly stealing digital currencies and Non-Fungible Tokens (NFTs), which are valuable digital images. In the first quarter of this year alone, cyberthieves have robbed some $1.3 billion in hacking events, according to Atlas VPN.

How do thieves pull off these heists? They break into so-called online “digital wallets,” or online exchanges where investors store cyber currencies like Bitcoin. Unlike bank vaults with thick steel doors, these virtual storerooms can be accessed any number of ways through the internet. Third parties act as repositories for the currencies and include:

  • The Ethereum ecosystem was hacked 18 times, resulting in a loss of almost $636 million.

Chicago-based Stoltmann Law Offices is representing investors who’ve been victims of cryptocurrency thefts. These days, cryptocurrencies or “digital cash” are all the rage. You can speculate with it, buy a few consumer goods, and even play games. Unfortunately, like any currency that is a store of value, it can be stolen.

One of the largest heists in the short history of cryptocurrencies occurred recently when customers of Axie Infinity, a play-to-earn online game, lost some $625 million to a thieving hacker.

It was reported that the Axie account was hacked on March 23rd, although it was only revealed on Tuesday, March 29th.  According to Yahoo News, “Axie Infinity remains one of the most popular play-to-earn games, and users continued to log on Wednesday after news of the crypto heist. Hackers targeted a vulnerability in the bridge — or a software mechanism for exchanging types of crypto tokens — to drain funds in two separate transactions.”

Chicago-based Stoltmann Law Offices represents investors who’ve suffered losses from being scammed by their financial advisors and the firms for whom they work. For operators peddling scam investments, every crisis is an opportunity. The tragic war in Ukraine is a sad example. Scamsters are ramping up their games to take advantage of people concerned about the crisis – and those hoping to profit from it.

Since the U.S. and European Union have frozen conventional Russian assets, global attention has shifted to the marketing of cryptocurrencies. These “virtual” coins are computer code not backed by hard assets or governments. They can be “minted” by anyone at any time. They are seen are alternative forms of cash, although many of them can be fraudulent.

Ukraine had been a center of cryptocurrency scams before the war.  Last year Ukrainian officials shut down “six illegal call centers. The operation carried out by the Security service of Ukraine has stopped these operations from continuing their cryptocurrency investment scams. From their base of operations, the crypto scammers were reaching out to countless potential victims to try to defraud them with promises of non-existent investment opportunities.”

Stoltmann Law Offices is a Chicago-based investor rights law firm offering representation to defrauded investors on a contingency fee basis.  On February 24, 2022, the United States Securities and Exchange Commission (SEC) filed a civil complaint against Arthur Stewart Hoffman alleging he breached his fiduciary duty to several clients he recommended invest in an entity called Zima Global Ventures.  The SEC alleges that Zima Global was to pool investor money to then invest in a crypto-currency trading operation. Investors who put their hard-earned money into Zima as a result of the recommendation by Hoffman may have viable claims for recovery against Ameriprise Financial, the brokerage and investment advisory firm Hoffman was registered with at the time he made these solicitations.

According to his FINRA BrokerCheck Report, Hoffman was registered with Ameriprise from November 2016 until his termination for cause on May 13, 2020.  Two days after he was terminated, FINRA barred Mr. Hoffman from the securities industry for failing to cooperate and provide documents and information in response to a Rule 8210 request for information. Mr. Hoffman also filed for Chapter 7 bankruptcy protection in Arizona in May 2020. Importantly, on February 16, 2016, a customer filed a complaint against Hoffman which alleged a million dollars in damages in connection with securities fraud, breach of fiduciary duty, and fraudulent concealment. The regulator reports that this case was settled for $329,500, making it a very meaningful customer claim and supervisory issue for Hoffman moving forward.  Ameriprise should have kept Hoffman on a very short leash, but the facts seem to be, they allowed him to operate on a proverbial island where he was able to run an outside business and funnel Ameriprise client money to this Zima crypto-scam.

Brokerage firms like Ameriprise are legally responsible for supervising their financial advisors. Included in this mandate is to adequately supervise outside businesses, even if they are not disclosed, if red flags exist that the advisor is operating an outside entity. Here, Ameriprise clients invested money in Zima based on Hoffman’s solicitations.  Red flags do not get much more serious than that. Simply phone calls and monitoring of client accounts would have revealed that Hoffman was selling securities in an outside entity.  Ameriprise’s supervisory procedures were insufficient and not up to industry standards, which could make Ameriprise liable for negligence.

Stoltmann Law Offices is a Chicago-based securities, investment fraud, and class action law firm offering representing to defrauded investors and victims of fraud nationwide on a contingency fee basis.  We have been closely monitoring allegations that IRA Financial Trust account owners had over $36 million in crypto-currency stolen from their IRAs through a hack of their system on or around February 8, 2022. IRA Financial partners with Gemini Trust Co. to offer the opportunity for its self-directed retirement account clients to invest in cryptocurrency. IRA Financial represents on its website that “Our Trust company’s focus on compliance and security is based on three principles: State regulated, Industry-leading technology, and FDIC protection of cash up to $250,000 through Capital One.” The company goes on the admit that it “must meet the capitalization, compliance, anti-money laundering, consumer protection, and cybersecurity requirements set forth by the South Dakota Division of Banking, and protect the interests of our customers first and foremost.” In specifically representing their stringent “Infrastructure Security”, IRA Financial Trust represents that:

  • We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.
  • We partner with enterprise vendors to mitigate distributed denial-of-service (DDoS) attacks.

Stoltmann Law Offices, P.C. is a Chicago-based securities and investor-protection law firm offering representation to defrauded investors nationwide on a contingency fee basis. We have been prosecuting claims against cellular phone providers like T-Mobile, AT&T, and Verizon on behalf of victims of SIM-Swap attacks for the past few years now. We are also actively pursuing claims against Coinbase for its role in failing to secure their customer accounts in violation of the terms of their user agreement.

Recently, there has been a flood of SIM Swap attacks against T-Mobile customers. Although it is speculation, this summer, T-Mobile announced that its customer database had been compromised, leading to the unauthorized access to customer account information effecting over 40 million subscribers.  That attack, as time has gone by, has been revealed to have been far worse than originally reported.  T-Mobile updated its customers a few months ago, and suggested that the attack compromised critical security information about its customer accounts, including phone numbers, customer names and addresses, dates of birth, IMEIs and IMSIs.  T-Mobile said in a statement that it had no indication that hackers were able to access financial information such as credit card or debit card data.  By way of background, an IMSI is the unique “International Mobile Subscriber Identity” number which identifies every cellular network user. It is a unique 15-digit number assigned to every user and is part of your SIM profile. SIM is another acronym for “Subscriber Identity Module.” The IMSI identifies where you use your phone and which mobile network (i.e., T-Mobile) you access.  This is critical intelligence for anyone seeking to pull off a SIM Swap.

Although the hackers didn’t apparently gain access to sensitive financial data of customers, they did get a picnic basket of information that was surely sold to other hackers. If a hacker has your phone number, name/address, and IMSI, getting a SIM swap done is pretty simple unfortunately. These hackers identify people known to have crypto-currency accounts and then engineer hacks of their SIM so that they can gain access to a target’s Coinbase account and transfer the funds to another wallet on the blockchain and move on to the next victim. Because of the anonymous nature of crypto-currency transactions on the blockchain, the transactions are virtually untraceable and cannot be reversed.  This massive attack on T-Mobile, which compromised millions of customer accounts, is likely leading to a surge in SIM Swap-Crypto theft attacks. These massive data breaches by cellular providers are not  a new phenomenon and occur far too often. The good news for victims is, cellular providers like T-Mobile, AT&T, and Verizon can be held liable for a SIM Swap attack that leads to the loss of crypto currency or other financial accounts.

Stoltmann Law Offices, P.C. is a Chicago-based investor rights and securities law firm that has represented investors nationwide for almost 17 years. Investors who are defrauded by financial advisors have rights and can pursue arbitration against firms like Wells Fargo in an attempt to recover investment losses.  On November 2, 2021, FINRA, which is the federal regulator of broker/dealers like Wells Fargo Advisors and James Seijas, issued an “Acceptance, Waiver, and Consent” (AWC) in which James Seijas consented to a life-time ban from the securities industry. The reason for the ban was a result of Seijas consciously failing to respond to FINRA’s requests for information authorized by FINRA Rule 8210. If an advisor does not comply or cooperate with FINRA’s investigation, then the regulator will seek to bar the advisor for life. This is a stiff sentence for non-compliance but is not uncommon when brokers facing seriously allegations by customers or regulators are asked to comply with information requests or sit for an interview on the record.

The AWC was prompted by a filing made by Wells Fargo on Form U-5, which is a securities industry form filed with regulators when a broker’s registered ends with a firm like Wells Fargo.  The U-5 Wells Fargo filed identified the reason for him no longer being registered with the firm and was enough to trigger an investigation by FINRA. The AWC does not say what that Form says, and even more peculiarly, his FINRA BrokerCheck Report does not say anything about him being terminated for cause, which is a required disclosure. What his BrokeCheck Report does reveal, however, is the existence of two pending customer complaints. Both complaints have to do with the recommendation to invest in a fraudulent hedge fund or an investment which was part of a Ponzi scheme.

According to AdvisorHub, Seijas is a defendant in a pending claim which alleges he was involved in a $30 million-plus crypto-currency investment scheme. This claim is pending in Hillsborough County, Florida, against Seijas and several other defendants, including Wells Fargo. The prevalence and sudden popularity of cryptocurrency creates a perfect storm for scammers and unsuspecting victims. There is a lot of “FOMO” – fear of missing out – when it comes to crypto-currency. Investors are eager to dip their toes into the pool but many are reluctant to dive in by opening accounts with crypto-exchanges like Coinbase. Instead, investors get involved with purported “hedge” funds that allegedly invest in crypto, like those that invested with Seijas.

Stoltmann Law Offices is a Chicago-based securities and investor rights law firm dedicated to a nationwide practice to recover money lost by investors as a result of the misconduct of financial advisors and their brokerage and investment firms. We have prosecuted at least one hundred cases over the years against Morgan Stanley and were not surprised to learn about David Todd Levine and his being barred by FINRA, the State of Colorado, and the Securities and Exchange Commission. These bars were “by consent” meaning none of the allegations made against Mr. Levine were proven. It just means instead of fighting them, Mr. Levine will instead never be able to legally provide investment advice to anyone for the rest of his life.

According to an Order Instituting Administrative Proceedings (OIP) filed by the SEC, which parroted claims made by the Colorado Securities Commissioner, Mr. Levine recommended that clients invest in a Bitcoin investment being run by his brother. In so doing, Mr. Levine allegedly failed to disclose that his brother was a fugitive from the law in the United States, living abroad. The Commission further alleged that Mr. Levine failed to disclose this criminal history to any of his clients and further failed to verify the legitimacy and ownership of the Bitcoin that was apparently part of this investment scheme. The SEC also alleged that Mr. Levine failed to develop a method for ensuring the transfer of funds and Bitcoin, which allowed his brother to steal $1.5 million. Levine also allegedly failed to disclose the high risk nature of this investment scheme.  If you are a victim of Mr. Levine’s alleged Bitcoin scam, and you were a client of his and Morgan Stanley, you could have a viable claim to pursue against Morgan Stanley.

Although it is alleged that Levine failed to disclose this investment and his involvement in it to Morgan Stanley, that does not automatically release Morgan Stanley from potential liability.  Whether Morgan Stanley can be found liable by FINRA arbitrators depends on two issues regardless of disclosure by Levine.  1) Were there sufficient red flags that Levine was soliciting his clients to invest in this Bitcoin investment so has to put Morgan Stanley on constructive notice of it? 2) Were clients reasonable to believe that Levine was acting within the course and scope of his employment with Morgan Stanley in recommending an investment in a Bitcoin related deal? Typically, advisors leave enough of a paper trail behind them that reasonable supervision and compliance should discovery this sort of outside activity. Levine was offering it to Morgan Stanley clients after all, so a few phone calls by Morgan Stanley and they would have uncovered what was happening. Moreover, investors would certainly be reasonable in assuming what Levine was doing was legitimate and was through or at least tacitly approved by Morgan Stanley.  This “apparent agency” issue could make Morgan Stanley liable for your losses. Courts agree. See McGraw v. Wachovia Securities, 856 F. Supp. 2d 1053 (N.D. Iowa 2010).

Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.

FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).

Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).

Stoltmann Law Offices, P.C has represented SIM-Swap hacking victims and continues to investigate ongoing claims related to this sordid scam impacting many people.  A story reported by CNN last week went into detail about a specific victim in San Francisco. According to the story, Robert Ross had over $2 million stolen from him when his phone was hacked through a process called “SIM-Swapping” or “SIM-Jacking.” Like so many of these victims, Mr. Ross was a crypto-currency investor and those were the funds that were stolen from him.  Mr. Ross is suing his cellular provider, AT&T, for its role in enabling the fraudsters who stolen millions from him. The outcome of that lawsuit is far from certain. However, Stoltmann Law Offices continues to monitor updates on these SIM-Swapping scams and are fully engaged in prosecuting cases on behalf of victims against their cellular providers.

These cases are not highly technical or difficult to grasp once you understand some of the basics. First, its important to understand one bit of technical jargon.  What is a “SIM” card? A “SIM Card” is a memory chip contained inside a mobile phone which carries a unique identification number specific to the owner, stores the owner’s personal data, and disables the mobile phone if removed. SIM Swapping is a means of infiltrating someone’s cellular world by taking control of the user’s SIM Card and have it activated in a phone controlled by the scammer, without stealing the phone or breaking it open to actually remove the SIM card. Here, the infiltration is virtual and once the scammer has the customer’s SIM card activated in the phone in his possession, it can then be used to gain access to emails, brokerage accounts, bank accounts, and cryptocurrency virtual wallets.

The scheme is so incendiary because it takes advantage of two-step authentication – something we’ve all been told for years to have set up to PROTECT us from hackers.  Here’s how it works: The crook convinces AT&T (or Verizon, Sprint, or T-Mobile) that he is the account owner. The crook accomplishes this typically by making up a story why the phone number needs to be transferred to a new phone. In one case the imposter simply called AT&T Customer Service, told them he dropped his phone in a lake, and that he had a new phone that needed to be activated. Instead of determining whether the phone that was allegedly at the bottom of a lake was still active and in-use, the AT&T representative accepted the unverified representations of the imposter and activated the “new” phone in the hands of the scam artist. The customer’s actual phone was deactivated and by the time it was realized, the fraudster gained access to the customer’s email and then virtual wallet. The CNN story about what happened to Mr. Ross – noticing his cell phone had no service, or “zero bars” for no apparent reason – is the first indication your SIM has been compromised.

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information