SIM Swap Attacks in 2026: What Victims Need to Know

If you believe you were the victim of a SIM swap attack and lost cryptocurrency or access to your accounts, start with the video above. It explains what likely happened and what legal options may be available.

SIM swap attacks are rapidly increasing in 2026. They are now one of the most damaging forms of cybercrime affecting crypto holders, investors, and everyday consumers.

These attacks often begin when a mobile carrier transfers a customer’s phone number to a SIM card controlled by a criminal.

Once that happens, the attacker receives your calls, text messages, and security codes.

They can reset passwords and access email accounts, crypto exchanges, and self-custody wallets. In many cases, cryptocurrency and other assets are stolen within minutes.

Victims often realize what happened only after their phone stops working.

Many people searching for a SIM swap attorney or SIM swap lawyer are surprised to learn how complex these cases can be.

SIM swap attacks frequently involve failures by wireless carriers such as T-Mobile, Verizon, AT&T, or other providers.

These failures may include weak authentication procedures, ignored security flags, or unauthorized SIM transfers.

When carrier security failures lead to stolen cryptocurrency or financial losses, victims may have legal claims.

These claims are often pursued through arbitration or litigation under federal telecommunications law and consumer protection rules. Timing matters. Evidence can disappear quickly, and deadlines may apply.

In the video above, Max Dilendorf, founder of Dilendorf Law Firm, explains how SIM swap attacks work.

He also discusses why these crimes are accelerating in 2026 and what victims should do immediately after discovering an attack.

Dilendorf Law Firm has handled more than 130 cybercrime and crypto-related matters. These include SIM swap attacks, cryptocurrency theft, software liability disputes, and AI-related fraud.

The firm regularly represents victims in complex arbitration cases against major mobile carriers.

This video is designed to help victims understand their rights. It explains why acting quickly is critical. It also outlines how working with an experienced SIM swap lawyer can help victims evaluate potential recovery options.

Resources:

1. Cryptocurrency – Internet Crime Complaint Center (IC3)
2. NYDF Consumer Complaint
3. AAA Consumer Arbitration Rules
4. JAMS Comprehensive Arbitration Rules & Procedures
5. Crypto Enforcement
6. Modern Scams: How Scammers are Using Artificial Intelligence and How We Can Fight Back
7. Cryptocurrency Fraud Report 2023
8. Cryptocurrency: Selected Policy Issues
9. Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies
10. Crypto-Assets: Implications for Consumers, Investors, and Businesses
11. Exploring the Cryptocurrency and Blockchain Ecosystem
12. Crypto Assets
13. What To Know About Cryptocurrency and Scams
14. Digital Assets | CFTC
15. Taxpayers need to report crypto, other digital asset transactions on their tax return

Introduction

SIM-swap attacks remain one of the most common methods by which criminals steal cryptocurrency.

By fraudulently transferring a victim’s phone number to a SIM card under the attacker’s control, bad actors gain access to SMS-based authentication, password resets, and account recovery mechanisms used by many cryptocurrency wallets and exchanges.

Once control of the phone number is lost, unauthorized transfers of digital assets often follow quickly.

In 2025, the U.S. Court of Appeals for the District of Columbia Circuit issued a recent and important decision in Sprint Corp. v. FCC, affirming significant penalties against wireless carriers for failing to adequately protect Customer Proprietary Network Information (CPNI).

While the case addressed misuse of customer location information, the court’s analysis is directly relevant to SIM-swap cases—particularly those in which carrier failures enable downstream harms such as theft of cryptocurrency from self-custody wallets and centralized exchanges.

The Statutory Duty to Protect CPNI

Section 222 of the Communications Act imposes an affirmative duty on telecommunications carriers to safeguard customer information. The D.C. Circuit reaffirmed that this obligation is broad and mandatory:

“The Communications Act requires telecommunications carriers to ‘protect the confidentiality’ of customer proprietary network information.” Sprint Corp. v FCC, 151 F.4th 347, 353 (DC Cir. 2025)

Congress imposed this duty because telecommunications data is inherently sensitive. In Sprint, the court emphasized that customer location information reveals deeply personal details about subscribers’ lives:

“Over time, this information becomes an exhaustive history of a customer’s whereabouts and ‘provides an intimate window into [that] person’s life.’” Id. at 352

SIM-swap attacks depend on similarly sensitive forms of CPNI, including account authentication data, subscriber verification credentials, and control over phone numbers.

The statutory framework analyzed in Sprint applies with equal force to these categories of information.

“Reasonable Measures” Require Meaningful Safeguards

A central issue in the 2025 decision was whether Sprint and T-Mobile implemented “reasonable measures” to protect CPNI, as required by FCC regulations.

The court upheld the FCC’s conclusion that they did not.

The governing regulation requires carriers to take active steps to prevent unauthorized access:

“Carriers must take reasonable measures to discover and protect against attempts to gain unauthorized access to CPNI.” Id. at 353. 

In practice, Sprint and T-Mobile relied heavily on contractual promises from third parties rather than implementing independent verification or monitoring systems.

The FCC found this approach insufficient, concluding that the carriers:

“Unreasonably relied on ‘the honor system.’” d. at 357. 

This reasoning closely parallels SIM-swap cases, where carriers may rely on weak identity verification procedures, easily compromised knowledge-based authentication, or inadequate review of high-risk account changes.

Under Sprint, such practices can fall short of the reasonableness standard imposed by federal law.

Failure to Detect Unauthorized Access

The court also emphasized that reasonable safeguards must include the ability to identify illegitimate access attempts.

Sprint and T-Mobile lacked mechanisms to reliably separate lawful from unlawful requests:

“Nor did either carrier have an effective mechanism for distinguishing between a legitimate request for customer location information and an illegitimate one.” Id. at 357.

In the SIM-swap context, this principle is critical. If a carrier cannot distinguish between a legitimate subscriber request and a fraudulent SIM change initiated by an impostor, that failure may itself constitute a violation of the carrier’s duty to protect CPNI.

Notice of Risk Heightens the Duty to Act

The 2025 decision also makes clear that once carriers are aware of abuse, their obligations increase.

Continuing operations without meaningful changes after known vulnerabilities are exposed can constitute additional violations:

“Even after highly publicized incidents put [the carriers] on notice that [their] safeguards… were inadequate, the Carriers continued to sell access… without implementing reasonable measures.” Id. at 358. 

Wireless carriers have now been on notice for years about the risks of SIM-swap fraud.

Public reporting, regulatory enforcement, arbitration decisions, and litigation have repeatedly identified the same weaknesses.

Under Sprint, failure to address known risks supports findings of unreasonable conduct.

Each Breakdown May Constitute a Separate Violation

The court also upheld the FCC’s determination that each distinct failure to protect CPNI may be treated as an independent violation:

“Each unique relationship… represented a distinct failure to reasonably protect CPNI.” Id. at 358. 

Applied to SIM swaps, this reasoning supports the position that individual unauthorized SIM transfers—particularly where systemic deficiencies persist—may independently give rise to liability.

Implications for SIM-Swap-Enabled Crypto Theft

Although Sprint Corp. v. FCC arose in the context of an FCC enforcement action, its reasoning has broader implications for private claims and arbitrations involving SIM swaps and cryptocurrency theft. The decision confirms that:

• Carriers owe a statutory duty to protect sensitive customer data
• Safeguards must be operational, verifiable, and reasonable
• Known risks require timely corrective action
• Failure to protect CPNI can cause foreseeable and substantial harm

As the FCC concluded, inadequate safeguards:

“Caused substantial harm by making it possible for malicious persons” to exploit customer data. Id. at 358. 

In SIM-swap cases, that harm frequently manifests as stolen cryptocurrency from both self-custody wallets and centralized exchanges.

Conclusion

The D.C. Circuit’s 2025 decision in Sprint Corp. v. FCC provides timely and authoritative guidance on the scope of wireless carriers’ obligations to protect CPNI.

Its reasoning is directly relevant to SIM-swap cases, where inadequate authentication procedures and weak safeguards enable unauthorized access to phone numbers and, ultimately, digital asset theft.

Dilendorf Law Firm has represented clients in more than 130 arbitrations, including SIM-swap cases against T-Mobile, Verizon, AT&T, and other carriers, involving failures to protect customer CPNI that resulted in the theft of cryptocurrency.

If you were a victim of a SIM swap and funds were stolen from self-custody wallets such as MetaMask, Phantom, Coinbase Wallet, or other non-custodial wallets, or from centralized exchanges such as Coinbase, Binance, Crypto.com, or Uphold, you may have legal claims worth evaluating.

Victims are encouraged to contact Dilendorf Law Firm for a consultation.

Clients holding significant amounts of cryptocurrency should also consider proactive asset-protection and custody planning.

Depending on individual circumstances, this may include the use of domestic or offshore asset protection trusts, which can provide an additional layer of protection against cyber threats and unauthorized access.

Dilendorf Law Firm assists clients in designing and implementing these structures, informed by extensive firsthand experience with the consequences of SIM swaps, cyberattacks, and crypto theft.

In addition, for many investors, crypto custody with a secure and insured institutional custodian is paramount, as reliance solely on personal devices and phone-based authentication can expose digital assets to avoidable risk.

In September 2025, the U.S. Court of Appeals for the Second Circuit issued a landmark, up-to-date ruling in Verizon Communications Inc. v FCC, 156 F.4th 86, 90 (2d Cir 2025), affirming a $46.9 million FCC forfeiture for Verizon’s failure to protect customer proprietary network information (“CPNI”).

This fresh 2025 decision is one of the most significant appellate rulings to date addressing telecom data protection—and it carries immediate consequences for SIM swap fraud and crypto theft.

At a time when SIM swap attacks are routinely used to drain cryptocurrency wallets, defeat multi-factor authentication, and take over financial and digital accounts, the Second Circuit’s ruling sends a clear message: carrier failures to protect CPNI are no longer tolerated as mere operational mistakes.

A Current Appellate Signal on Carrier Duties

The Second Circuit’s 2025 decision reaffirms that Section 222 of the Communications Act imposes an affirmative and ongoing duty on wireless carriers to safeguard customer data.

This is not a historical interpretation—it is a present-day enforcement framework now validated by a federal appellate court.

As the court emphasized:

“Carriers have ‘a duty to protect the confidentiality of proprietary information of, and relating to, … customers.’”

The court underscored that this duty applies broadly to CPNI, rejecting Verizon’s attempt to narrow the statute’s scope. In language especially relevant to modern SIM swap attacks, the court held that:

“Customer proprietary network information is defined as ‘information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service.’”

And further clarified:

“Device-location data both ‘relates to the … location … of a telecommunications service’ and is obtained ‘solely by virtue of the carrier-customer relationship.’”

This reasoning matters now. In SIM swap fraud, the attacker’s power comes entirely from the carrier-customer relationship—the same relationship Section 222 is designed to protect.

2025 Confirmation That “Reasonable Measures” Must Be Real

A central takeaway from the 2025 decision is that carriers cannot satisfy their legal obligations with paperwork, contracts, or internal policies alone.

The FCC found—and the Second Circuit agreed—that Verizon’s safeguards were ineffective.

The court reaffirmed that carriers must:

“Take reasonable measures to discover and protect against attempts to gain unauthorized access to customer proprietary network information.”

Yet Verizon failed because it:

“Relied heavily on a chain of contractual arrangements” and monitoring that “apparently mainly consisted of analysis of unverified vendor-created consent records.”

The FCC determined that Verizon’s system:

“Assumed that the location requests and consent records provided by the [vendors] would be legitimate in the first instance.”

This 2025 holding resonates directly with SIM swap cases, where carriers often rely on employee scripts, minimal ID verification, or backend notes—while attackers exploit social engineering to gain control of phone numbers and steal crypto assets within minutes.

Fresh Judicial Recognition of Notice and Ongoing Risk

The Second Circuit also emphasized that prior warnings increase carrier responsibility. Verizon had internal notice of vulnerabilities before the misconduct ended.

An internal report warned that:

“It is possible for [third parties] with delegated consent to falsify consent records and obtain [Verizon] subscriber data without their consent.”

Despite that warning, Verizon continued its practices. The FCC treated this as continuing violations, and the court upheld that conclusion.

For SIM swap fraud in 2025, the parallel is clear: carriers have long been on notice that SIM swaps enable crypto theft, account takeovers, and identity compromise.

Continued failures after years of public reporting and enforcement actions now carry heightened legal risk.

2025 Enforcement Momentum, Not Historical Footnote

Verizon argued that the FCC acted arbitrarily. The Second Circuit rejected that argument, holding that the Commission:

“Reasonably considered the relevant issues and reasonably explained its decision.”

The court further reiterated that agency action is unlawful only if it:

“Entirely failed to consider an important aspect of the problem.”

This is a current endorsement of aggressive enforcement, confirming that telecom regulators have broad authority in 2025 to hold carriers accountable for CPNI failures.

Why This 2025 Case Matters for SIM Swap and Crypto Theft Victims

SIM swap attacks in 2026 are not anomalies—they are often the predictable result of systemic carrier failures. The 2025 Verizon v. FCC decision confirms that:

• CPNI protections are broad and enforceable
• Carrier authentication failures can violate federal law
• Ongoing weaknesses after notice increase liability

For victims of SIM swap fraud and resulting crypto theft, this decision provides a powerful, modern legal foundation for arbitration and enforcement actions.

Max Dilendorf of Dilendorf Law Firm represents victims of SIM swap fraud, crypto theft, and cybercrime.

Mr. Dilendorf has represented clients in 130+ cybercrime arbitration proceedings, including SIM swap cases against T-Mobile, AT&T, and Verizon.

If you were a victim of a SIM swap attack or cryptocurrency theft, please contact Max Dilendorf to discuss your legal options.  Email: info@dilendorf.com; Phone: 212.457.9797

Additional Resources

SIM-swap attacks are now one of the most common ways hackers gain illicit access to cryptocurrency accounts. Criminals convince a mobile carrier to reassign a victim’s phone number to a different device, intercept SMS authentication codes, reset passwords, and quickly drain funds. Because crypto transactions are instant, irreversible, and borderless, victims often suffer devastating losses within minutes.

A critical — but frequently misunderstood — issue is whether U.S. mobile carriers are legally responsible when unauthorized access to crypto accounts begins with the compromise of a phone number.

This FAQ explains what AT&T, Verizon, and T-Mobile say about liability, how their contracts are structured, and what crypto users and victims need to know.

1. Are U.S. wireless carriers responsible if a hacker uses my phone number to steal my cryptocurrency?

No. All three major U.S. mobile carriers have adopted contractual language that disclaims liability when a phone number is used — even without permission — to authenticate access to cryptocurrency accounts.

2. What do the agreements specifically say about cryptocurrency-related losses?

AT&T — Direct Disclaimer

“AT&T is not responsible for losses incurred as a result of your or a third-party’s use of your AT&T wireless number […] as a source of authentication or verification in connection with any […] financial, cryptocurrency or other account.”

“There is no security or protection guarantee against unauthorized access […]”

Verizon — Direct Disclaimer

“Disallowed damages include those arising out of […] unauthorized access […] or the use of your account or device by others to authenticate, access or make changes to a third-party account, such as a […] cryptocurrency account, including […] transferring or withdrawing funds.”

T-Mobile — Direct Disclaimer

“We are not liable for damages arising out of […] the use of your account […] to authenticate, access, use, or make changes to any third-party accounts, including financial, cryptocurrency, and social media accounts.”

3. What is a SIM-swap attack and how does it work?

A SIM-swap (also known as SIM hijacking, port-out fraud, or mobile identity takeover) occurs when a fraudster:

1. Poses as the victim with the carrier
2. Requests a number transfer to a new SIM
3. Gains control of SMS & calls
4. Uses SMS-based authentication to reset login credentials
5. Transfers cryptocurrency out of accounts

This can occur via carrier error, weak identity verification, social engineering, or insider misconduct.

4. Why do hackers target cryptocurrency users?

Because:

• Crypto transfers cannot be reversed
• Platforms often rely on SMS 2FA
• Balances may be large and liquid
• Attackers can act globally and anonymously
• Traditional fraud filters don’t apply to blockchain settlement

5. Why is SMS-based security considered unsafe?

SMS was designed for communication, not security. It is vulnerable to:

• SIM-swap fraud
• SS7 network vulnerabilities
• Phishing and spoofing
• Social engineering
• Device cloning
• Malware-enabled message interception

Even the U.S. National Institute of Standards and Technology (NIST) recommends against SMS-based authentication for high-value accounts.

6. Do the carriers guarantee account or identity security?

No, they do not.

AT&T:

“There is no security or protection guarantee against unauthorized access […]”

T-Mobile:

“We do not guarantee that your communications will be private or secure […]”

This means a phone number is not legally considered a security device.

7. What types of damages do carriers exclude?

Most carriers exclude:

• Indirect damages
• Consequential damages
• Punitive damages
• Loss of profits or opportunities
• Financial and asset-withdrawal losses

Example (T-Mobile):

“Neither of us will seek any indirect, incidental, special, consequential, treble, or punitive damages […]”

Crypto losses generally fall into these excluded categories.

8. Can I sue the carrier in court for negligence?

Typically no — carriers require private arbitration, not public litigation, and prohibit class actions.

T-Mobile:

“ALL CLAIMS […] WILL BE RESOLVED BY INDIVIDUAL BINDING ARBITRATION […]”

This means:

• No jury
• No courtroom
• No public record
• No mass filings

9. Can I join a class-action if many people were affected?

No — the agreements prohibit it.

T-Mobile:

“ANY PROCEEDINGS […] WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS, REPRESENTATIVE, MASS, OR CONSOLIDATED ACTION.”

10. Does the carrier language completely eliminate legal options for victims?

Not necessarily.
Liability waivers do not protect carriers where claims involve:

• Gross negligence
• Policy violations
• Failure to follow authentication protocols
• Insider involvement / employee misconduct
• Misrepresentation or deceptive conduct
• State or federal privacy law violations
• Failure to detect or act on fraud indicators

These cases are fact-specific — evidence matters.

11. What evidence should victims immediately preserve?

• SMS, email, and account-alert logs
• Timeline of service interruption
• Carrier customer-service transcripts
• Employee names or agent IDs
• IP addresses and device-log entries
• Blockchain transaction IDs
• Ticket and complaint numbers
• Screenshots of all actions and communications

Digital forensics and timeline clarity are critical.

12. How can victims protect themselves going forward?

Use strong authentication (hardware key or authenticator app), avoid using your phone number for security or recovery on important accounts, move digital assets to secure wallets (especially hardware or multi-sig), and ask your carrier to enable all available security features, including port-freeze, SIM-swap lock, and unique passcodes. Treat your phone number as vulnerable, not as a security tool.

13. What actions can carriers take that increase liability risk?

• Approving SIM changes without proper ID
• Ignoring documented fraud warnings
• Allowing remote changes despite account flags
• Failing to escalate suspicious requests
• Failing to follow industry-standard authentication

14. What issues may be relevant when evaluating a SIM-swap case?

Every situation is fact-specific, and different details can influence how a dispute may be viewed or analyzed.

Examples of potentially relevant issues may include how the SIM change was approved, what verification steps were used at that time, whether there were any prior fraud warnings or security flags, whether internal policies were followed, whether the account had additional security features enabled, whether the customer contacted the carrier promptly after detecting unauthorized access, and whether there are available records (such as timestamps, chat transcripts, call logs, agent notes, and notifications) that can establish what occurred and when.

Documentation, clarity of events, and available evidence often play an important role in understanding these incidents.

15. When should a victim contact an attorney?

Early engagement can help ensure that communications, documentation, and timeline records are properly maintained and organized, and that any necessary steps are taken in an appropriate sequence. For that reason, many individuals choose to contact an attorney as soon as they become aware of unusual account activity or a potential SIM-swap event.

Contact Us

When a Verizon SIM-swap leads to unauthorized access and loss of cryptocurrency, timely and strategic action is critical.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457 9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

When a Verizon Wireless account is compromised—especially through a SIM-swap attack—criminals can gain control of text messages, reset credentials, and drain financial accounts, including cryptocurrency wallets. Verizon’s Customer Agreement requires most disputes to be resolved through individual arbitration rather than litigation in court.

This FAQ explains how the arbitration process works and what customers should know before pursuing a claim.

1) If my Verizon Wireless account was compromised and I suffered losses, what is the process for pursuing a claim?

If unauthorized access to your Verizon Wireless line led to financial loss—including stolen cryptocurrency—your claim will generally proceed through individual arbitration under Verizon’s Customer Agreement.

Verizon explains:

“YOU AND VERIZON BOTH AGREE TO RESOLVE DISPUTES ONLY BY ARBITRATION OR IN SMALL CLAIMS COURT […]”

You cannot bring your claim before a jury, and court litigation is not allowed except in limited small-claims situations.

Before filing arbitration, Verizon requires that you submit a written Notice of Dispute and allow Verizon up to 60 days to attempt informal resolution. If the issue is not resolved, you may then file your arbitration demand.

2) Can I seek compensation from Verizon if a SIM-swap led to crypto or financial losses?

Potentially, yes. SIM-swap incidents can allow criminals to gain control of mobile accounts, reset credentials, access digital wallets, and steal crypto assets.

The arbitration clause applies broadly to:

“[…] any dispute that in any way relates to or arises out of this Agreement […] including any equipment, products and services you receive from us […] [and] alleged […] invasion of privacy […]”

Because SIM-swaps often involve privacy breaches, identity theft, and unauthorized access, they fall within Verizon’s arbitration process. An arbitrator has authority to award damages and other relief.

3) What steps are required before I can file arbitration with Verizon Wireless?

Verizon requires completion of a mandatory informal dispute-resolution process.

According to the Customer Agreement:

“the party seeking arbitration must first notify the other party of the dispute in writing at least 60 days in advance […]”

This Notice must contain enough information for Verizon to evaluate the claim. If Verizon and the customer cannot resolve the dispute within 60 days, then arbitration may proceed.

Failure to follow this process can delay or prevent arbitration from going forward.

4) How do I properly submit Verizon’s Notice of Dispute form?

Verizon requires use of its online Notice of Dispute form.

Notice must be submitted on an individual basis, not as part of a group. If you are represented by an attorney, you must indicate representation and authorize Verizon to speak with counsel about the account.

Our firm assists clients in preparing complete Notices of Dispute.

5) What details and documents should I provide in my Notice of Dispute to Verizon?

Your Notice must include:

“[…] the name of the Verizon wireless account holder, the mobile telephone number at issue, a description of the claim, the specific facts supporting the claim, the damages the party claims to have suffered and the relief the party is seeking.”

Supporting materials can include:

• Account screenshots
• Carrier logs
• Police reports
• Crypto-transaction records
• Identity-theft or fraud reports

6) How long after submitting a Notice of Dispute do I need to wait before filing arbitration?

You must wait 60 days after Verizon receives the Notice of Dispute.

Per Verizon:

“If either party has provided this information and the parties are unable to resolve their dispute within 60 days, either party may then proceed to file a claim for arbitration.”

This 60-day period is mandatory.

7) What is the correct legal entity name to list when filing an arbitration demand against Verizon?

Arbitration demands must name the correct Verizon legal entity:

Cellco Partnership d/b/a Verizon Wireless

Using incorrect entity information can delay or impair the claim.

8) How do I begin arbitration if Verizon does not resolve my claim?

After waiting the required 60 days following Notice submission, you may file arbitration against Cellco Partnership d/b/a Verizon Wireless.

Arbitration is initiated by filing with the American Arbitration Association (AAA) in accordance with the AAA Consumer Arbitration Rules. Your filing should include:

• A description of the claim
• Damages sought
• Supporting documents

Our firm handles AAA filings for clients.

9) Which organization administers arbitration for Verizon Wireless disputes?

Verizon uses the American Arbitration Association (AAA).

“ANY DISPUTE WILL BE RESOLVED BY […] NEUTRAL ARBITRATORS BEFORE THE AMERICAN ARBITRATION ASSOCIATION (‘AAA’).”

If AAA cannot or does not administer the arbitration, the Customer Agreement provides a backup process to select another arbitral forum, including possible appointment by a court.

AAA rules are available at www.adr.org.

10) Where will my arbitration hearing take place, and can it be remote?

Unless the parties agree otherwise, the hearing typically takes place in the county where your billing address is located.

“[…] the arbitration will take place in the county of your billing address […]”

Remote hearings (telephone or video) are available in certain circumstances, particularly for smaller claims.

11) Is my case decided through documents only, or will there be a hearing?

For claims under $25,000, customers can choose the process:

“[…] you can choose whether you’d like the arbitration carried out based only on documents… or by a hearing in person or by phone.”

Larger or more complex claims typically involve a hearing.

12) Do I have to pay filing or arbitration fees, or does Verizon cover them?

Verizon pays virtually all arbitration-related fees.

Per the Customer Agreement:

“Verizon will reimburse any filing fee that the AAA charges you […] Verizon will also pay any administrative and arbitrator fees […]”

This makes arbitration relatively low-cost for consumers.

13) If I win, can I recover attorney’s fees?

Possibly. Verizon states:

“If the law allows for an award of attorneys’ fees, an arbitrator can award them too.”

Arbitrators can also award damages and other relief available under applicable law.

14) Do I need a lawyer to file arbitration against Verizon Wireless?

You are not required to have a lawyer, but having counsel is recommended.

These cases often involve:

• Complex fact patterns
• Blockchain transaction tracing
• Carrier record analysis
• Privacy and identity-theft issues

Experienced counsel improves your ability to present a complete claim and recover losses.
Our firm handles Verizon SIM-swap arbitration matters nationwide.

15) How long does a Verizon Wireless arbitration typically take?

Timeframes vary, but Verizon states that arbitrators should resolve claims:

“[…] within 120 days of appointment or as swiftly as possible thereafter[…]”

With the informal process, filing, discovery, and hearing, most matters take several months to about a year.

Contact Us

When a Verizon SIM-swap leads to unauthorized access and loss of cryptocurrency, timely and strategic action is critical.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457 9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

If your T-Mobile account was compromised—especially due to a SIM-swap attack or unauthorized access—you may be entitled to compensation. Under T-Mobile’s Terms & Conditions (“Terms and Conditions” or “T&Cs”), most disputes must be resolved through individual binding arbitration rather than through court litigation.

This guide explains how to follow the required steps, including sending a Notice of Dispute, serving T-Mobile’s registered agent, and filing your arbitration demand with the American Arbitration Association (AAA).

1) My T-Mobile account was compromised. Can I take T-Mobile to court?

Typically, no. Under T-Mobile’s Terms and Conditions, most disputes must be resolved through individual binding arbitration rather than in court.

T-Mobile states:

“YOU AND WE EACH AGREE THAT, EXCEPT AS PROVIDED BELOW, ALL CLAIMS AND DISPUTES BETWEEN YOU AND T-MOBILE WILL BE RESOLVED BY INDIVIDUAL BINDING ARBITRATION OR IN SMALL CLAIMS COURT.”

This means customers generally cannot file a lawsuit in court, unless a narrow exception applies (e.g., timely opt-out or qualifying small-claims matter).

2) I lost money after a SIM-swap. Can I make T-Mobile pay for my losses?

Potentially, yes. SIM-swap attacks often lead to financial harm, including theft of cryptocurrency or access to financial accounts. These losses may support claims relating to T-Mobile’s privacy or security practices.

The Terms and Conditions expressly cover:

“CLAIMS AND DISPUTES IN ANY WAY RELATED TO OR CONCERNING […] PRIVACY OR DATA SECURITY PRACTICES […] SERVICES, DEVICES, OR PRODUCTS […]”

An arbitrator may award monetary damages and other relief.

3) Does T-Mobile force customers into arbitration?

T-Mobile requires arbitration for nearly all disputes unless the customer properly opted out within 30 days.

“YOU MAY CHOOSE TO PURSUE YOUR CLAIM IN COURT […] IF YOU OPT OUT OF THESE ARBITRATION PROCEDURES WITHIN 30 DAYS […]”

If no timely opt-out was submitted, arbitration applies. Customers may still proceed in small-claims court if eligible.

4) What do I need to do before I can file an arbitration claim?

You must give T-Mobile a chance to resolve the problem informally by sending a Notice of Dispute.

Per the Terms and Conditions:

“For all disputes or claims you have, you must first give us an opportunity to resolve your claim by sending a written description of your claim (‘Notice of Dispute’).”

You must then wait up to 60 days for T-Mobile to respond.

5) What exactly should I say in the Notice of Dispute?

The Notice must include specific details:

“(a) the name of the T-Mobile account holder; (b) billing account number; (c) the mobile telephone number at issue; (d) a written description of the problem, relevant documents and supporting information; and (e) a good faith calculation of the damages […] and […] the specific relief you are seeking.”

If you are represented by counsel, include written authorization allowing T-Mobile to communicate with your attorney. Our firm assists clients by drafting and submitting Notices of Dispute.

6) Where do I send the Notice of Dispute?

T-Mobile directs customers to mail their Notice to:

T-Mobile Customer Relations
P.O. Box 37380
Albuquerque, NM 87176-7380

Per the Terms and Conditions:

“Mail notices are considered delivered 3 days after mailing.”

We recommend certified or trackable mail.

7) What happens after T-Mobile receives my Notice of Dispute?

You and T-Mobile have 60 days to try to resolve the issue.

The Terms and Conditions explain:

“[…] neither of us may commence any arbitration […] unless you and we are unable to resolve the claim(s) within 60 days after receipt of the Notice of Dispute […]”

T-Mobile may request additional information or discuss settlement. If no resolution is reached, you may proceed to arbitration.

8) How long do I have to wait before filing arbitration?

You must wait 60 days after T-Mobile receives your Notice of Dispute. If the claim remains unresolved after 60 days, arbitration may be initiated.

9) How do I officially start the arbitration process?

Arbitration begins when you both:

• Send a letter requesting arbitration to T-Mobile’s registered agent, and
• File with the American Arbitration Association (AAA)

The Terms and Conditions provide:

“To begin arbitration, you must send a letter requesting arbitration and describing your claim to our registered agent […] and to the American Arbitration Association (‘AAA’).”

T-Mobile identifies its registered agent as:

“Corporation Service Company […] 1-833-441-2890.”

Our firm handles this process for clients.

10) Who actually runs the arbitration?

The arbitration is administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules.

“The arbitration of all disputes will be administered by the AAA under its Consumer Arbitration Rules […]”

AAA oversees arbitrator appointment and case management.

11) Where will my arbitration hearing take place?

Under the Terms and Conditions:

“Arbitration or court proceedings must be in the county and state or jurisdiction in which your billing address […] is located […]”

Remote hearings may be available.

12) Who picks the arbitrator — me or T-Mobile?

Both parties participate in selection. The AAA provides a list of candidates, and each side can strike and rank individuals.

The Terms and Conditions specify:

“The AAA will send the parties a list of five candidates;[…] each party shall […] strike up to two candidates, and rank the remaining candidates […] [and] the AAA shall appoint as arbitrator the candidate with the highest aggregate ranking.”

13) How much does arbitration cost?

To begin an arbitration against T-Mobile, the consumer filing fee with the American Arbitration Association (AAA) is $225 under the AAA Consumer Arbitration Rules.

14) Can I get my attorneys’ fees paid if I win?

Yes. The arbitrator may award:

“[…] any relief that would be available in a court, including injunctive or declaratory relief and attorneys’ fees.”

15) Can I handle the arbitration myself without a lawyer?

It is legally allowed, but not recommended. Arbitration is a formal legal process involving written submissions, document exchange, expert evidence, and a hearing.

Dilendorf Law Firm routinely represents individuals in SIM-swap and digital-asset arbitration matters and can manage the full process on your behalf.

Contact Us

When a T-Mobile SIM-swap results in unauthorized access and the loss of cryptocurrency, taking timely and strategic action is critical. Our firm represents clients in arbitration and develops comprehensive, evidence-based claims to help pursue recovery.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457 9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

When Michael Terpin’s SIM card was fraudulently swapped in January 2018, attackers gained control of his mobile number, intercepted password resets, accessed his cloud storage, and stole approximately $24 million in digital assets.

After years of litigation, Terpin v. AT&T is scheduled for jury trial in March 2026. This case is expected to play a pivotal role in defining the scope of telecom carriers’ responsibilities in SIM-swap incidents—and could give self-custody wallet users a viable legal path to recovery.

The Unique Challenges Faced by Self-Custody Wallet Users

Victims of SIM-swap attacks who store digital assets in self-custody wallets such as MetaMask, Trust Wallet, or hardware wallets face significant legal obstacles:

• No custodian to recover funds. Because self-custody wallets are non-custodial, no entity holds the assets or has the ability to reverse unauthorized transactions.
• Limited claims against wallet providers. Wallet software providers generally disclaim liability and are not responsible for losses resulting from theft.
• Exchanges often are not involved. In many cases, stolen assets never touch a regulated exchange, leaving victims with no practical recovery option.
• Barriers under state law. Negligence or contract claims against carriers are often blocked by liability waivers and the economic loss rule.

The Terpin case changes this legal landscape by focusing on a federal statutory duty under the Communications Act.

Section 222: A Federal Privacy Duty

Section 222 of the Communications Act of 1934 (47 U.S.C. § 222) requires telecom carriers to protect the confidentiality of Customer Proprietary Network Information (CPNI).

In September 2024, the Ninth Circuit ruled that a carrier may violate Section 222 not only by directly disclosing CPNI but also by “permitting access” to it through inadequate authentication procedures.

If a carrier approves a SIM swap without taking reasonable measures to verify identity, it may be held liable under federal law. On July 16, 2025, the district court partly denied AT&T’s renewed summary-judgment motion on the Section 222 claim, clearing the case for trial.

“[…] there is sufficient evidence before the Court for a reasonable juror to find that AT&T failed to ‘take reasonable measures [. . .] to protect against’ unauthorized disclosure and ‘properly authenticate’ Terpin’s identity before allowing access to his CPNI via the fraudulent SIM swap.”

This is significant for self-custody wallet holders because Section 222 claims are not limited by contractual liability waivers and are not barred by the economic loss rule.

Why Carriers Are Often the Most Effective Legal Target

In SIM-swap incidents, the carrier is the critical control point. A fraudulent SIM change typically triggers the entire chain of events:

1. Number is ported without proper verification.
2. Attackers intercept SMS or email reset codes.
3. Credentials or seed phrases are accessed through cloud or email accounts.
4. Digital assets are stolen from self-custody wallets.

Because carriers control the SIM-swap process, they are often the most direct and practical defendant. Unlike wallet providers, carriers have a clear statutory duty and maintain authentication logs and procedures that can be challenged in litigation or arbitration.

The Central Questions at the 2026 Trial

The upcoming Terpin trial is expected to address several key issues:

• Causation: Whether a carrier’s failure to properly authenticate a SIM swap foreseeably leads to cryptocurrency theft.
• Scope of liability: How broadly courts will interpret “permitting access” under Section 222.
• Industry impact: Whether carriers must strengthen their SIM-swap protocols and authentication controls nationwide.

A Turning Point for SIM-Swap Victims

Terpin v. AT&T could establish a meaningful precedent for SIM-swap victims, particularly for individuals who lost assets from self-custody wallets.

For years, these victims had few options for recovery. Now, federal law under Section 222 provides a potential basis to hold carriers accountable when inadequate authentication allows attackers to compromise critical accounts.

Dilendorf Law Firm Representation

At Dilendorf Law Firm, we represent clients who have been targeted by SIM-swap attacks and other forms of cyber fraud.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have successfully pursued claims against major cryptocurrency exchanges, such as Coinbase, and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

In high-stakes cases, we advise and coordinate with U.S. law enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies and criminal investigations into cybercrime.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact us to discuss your case and options for recovery.

Email: info@dilendorf.com | Phone: 212.457.9797

Disclaimer: This summary is based on public records and does not constitute legal advice. Dilendorf Law Firm is not counsel of record for Michael Terpin, and his case is in no way affiliated with our firm.

In the high-stakes realm of cryptocurrency investment, SIM swap fraud poses a severe threat, allowing hackers to hijack phone numbers and drain digital wallets. Victims often pursue negligence claims against phone carriers, alleging failures in security, employee oversight, and fraud prevention.

However, courts may decline these claims, often relying on the economic loss rule and the absence of an independent duty beyond contractual obligations.

The Terpin v. AT&T Mobility, LLC case, alongside other rulings, exemplifies this judicial trend.

Understanding Negligence in SIM Swap Cases

Negligence requires proving: (1) a duty of care; (2) breach of that duty; (3) causation; and (4) damages.

In SIM swap litigation, plaintiffs assert that carriers owe a duty to protect account security through robust PIN systems, employee training, and monitoring of authorized retailers.

Michael Terpin, in his August 2018 complaint, alleged negligence (Count 10), negligent supervision and training (Count 11), and negligent hiring (Count 12), claiming AT&T’s lapses enabled a $24 million crypto theft.

His Second Amended Complaint (SAC) in March 2020 refined these into Counts 5–7, emphasizing AT&T’s “strict duty” under federal law and its Privacy Policy to safeguard customer proprietary network information (CPNI).

Yet, courts often limit this duty to contractual terms. The economic loss rule bars recovery for economic damages (e.g., stolen cryptocurrency) absent physical harm or an independent tort duty, preserving contract law’s boundaries. Carriers argue their obligations end with service agreements, not tort liability.

Terpin v. AT&T: A Clear Dismissal of Negligence Claims

Terpin’s case stemmed from a January 2018 SIM swap—the second targeting his AT&T account. Hackers, led by Ellis Pinsky, bribed a Connecticut retailer employee to reassign Terpin’s number, intercepting password resets to access his OneDrive and cryptocurrency wallets.

Terpin’s 2018 complaint highlighted AT&T’s prior 2017 fraud awareness and inadequate response, while the SAC detailed the carrier’s failure to learn from a 2013 FCC consent decree fining it $25 million for data breaches.

The U.S. District Court for the Central District of California granted summary judgment on Terpin’s negligence claims in March 2023, finding no duty beyond the Wireless Customer Agreement.

The July 16, 2025, order reinforced this: “Plaintiff Michael Terpin sued Defendant AT&T Mobility LLC after bad actors gained control over his cell phone number through a fraudulent ‘SIM swap’ and used that control to steal his cryptocurrency. The Ninth Circuit affirmed dismissal of Terpin’s fraud and punitive damages claims and affirmed summary judgment for AT&T on Terpin’s negligence, breach of contract, and declaratory relief claims.” The court applied California’s economic loss rule, rejecting a fiduciary duty based on Terpin’s fraud history as a commercial, not special, relationship.

The Ninth Circuit’s September 2024 ruling (Terpin v. AT&T Mobility, LLC, 118 F.4th 1102 (9th Cir. 2024)) upheld this, stating Terpin’s negligence claims were “foreclosed” for lacking independence from the contract.

As the court explained in its opinion, “The panel affirmed the district court’s summary judgment on Terpin’s negligence claims […]” and emphasized that “Terpin’s negligence claims rest on AT&T’s alleged duty to adequately protect Terpin’s account information. But he fails to identify a duty ‘independent of’ the contract.”

The panel further stated, “To impose a tort duty in such circumstances would go further than creating obligations unnegotiated or agreed to by the parties; it would dictate terms that are contrary to the parties’ allocation of rights and responsibilities.” The court also declined to find an independent duty under Section 222 of the FCA, stating, “We decline to hold that Section 222 imposes a duty of care giving rise to a state-law negligence claim,” as no authority supported transforming the statutory confidentiality duty into a California negligence basis.

Only Terpin’s FCA claim, based on alleged unauthorized CPNI access, proceeded to remand.

Implications for Victims: Overcoming Legal Barriers

Negligence claims in Terpin faltered due to the economic loss rule, which requires an independent duty beyond the contract—a threshold not met despite Terpin’s prior fraud alerts.

Proximate cause also proved elusive, as the 2025 order noted: “Terpin does not seriously dispute that the FCA incorporates a proximate cause requirement.” This shifts focus to statutory remedies like the FCA, where the court found “Terpin raised a triable issue of material fact as to whether AT&T violated the FCA.”

Navigating legal differences across states can make things tricky. California’s strict economic loss rule often limits recovery to cases with physical damage, making it tough to win negligence claims for financial losses like stolen crypto.

In contrast, states like North Carolina or Washington sometimes take a more flexible approach, occasionally recognizing that carriers might have wider responsibilities in similar situations.

To boost your chances, keep detailed records of every interaction with your carrier—such as fraud reports, security upgrade requests, and employee responses. However, succeeding still hinges on finding solid legal grounds, like statutory protections or contract terms, which can be a challenge.

Contact Us

At Dilendorf Law Firm, we represent clients who have been targeted by SIM-swap attacks and other forms of cyber fraud.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have successfully pursued claims against major cryptocurrency exchanges—including Coinbase—and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

In high-stakes cases, we advise and coordinate with U.S. law enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies and criminal investigations into cybercrime.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact us to discuss your case and options for recovery.

Email: info@dilendorf.com | Phone: 212.457.9797

This summary is based on public records and does not constitute legal advice. Dilendorf Law Firm is not counsel of record for Michael Terpin, and his case is in no way affiliated with our firm.

When a SIM swap or port-out happens, the carrier’s notices and internal records are your earliest, most objective evidence.

They show when the request was made, how it was authenticated, what the carrier told you (and when), and whether any account-lock was available or enabled.

If your crypto or funds were later stolen—from a self-custody wallet (MetaMask, Phantom) or a regulated exchange—those artifacts become the backbone of your case.

In arbitration, the decision maker isn’t guessing; they’re reconstructing a timeline: service loss → SIM/port change → login/reset events → withdrawals.

Carrier notices and logs anchor that timeline and help prove causation—that control of your number enabled password resets, SMS 2FA interception, or account recovery into your wallet or exchange.

They also speak to carrier compliance with required pre-change notifications and authentication, and they document your own reasonable steps to secure the account and respond quickly.

Practically, this evidence gives you leverage across the board: it helps exchanges escalate your claim, supports law-enforcement reports, and frames arbitration arguments about what should have happened versus what actually happened.

Preserve every notice and demand written confirmation from the carrier now; if you wait, logs roll off, memories fade, and your best proof disappears.

Dilendorf Law Firm has represented SIM-swap victims nationwide since 2019 and arbitrated 100+ crypto-cyber matters. Below is your playbook: what rules apply, what to request, and how to keep it admissible, organized, and useful for arbitration.

What Carriers Must Tell You

1) Pre-change notice for SIM swaps.
Federal rules require your wireless carrier to notify you before it completes a SIM change:

“Upon receiving a SIM change request, and before effectuating the request, a CMRS provider shall provide immediate notification to the customer that a SIM change request associated with the customer’s account was made, delivered in accordance with customer preferences, if indicated, and using means reasonably designed to reach the customer associated with the account and clear and concise language that provides sufficient information to effectively inform a customer that a SIM change request involving the customerer’s SIM was made, except if the SIM change request was made in connection with a legitimate line separation request pursuant to 47 U.S.C. § 345…”

2) Written proof of fraud on request.
If you’re a victim, you’re entitled to documentation from the carrier:

“Promptly provide customers, upon request, with documentation of fraudulent SIM changes involving their accounts.” Federal Communication Commission Report.

3) Account-lock option.

Carriers must offer a no-cost “lock” that blocks SIM changes until you unlock it:

“A CMRS provider shall offer customers, at no cost, the option to lock their accounts to prohibit… SIM change[s].” Federal Communication Commission Report.

4) Baseline account-change notice (long-standing rule).
Separate CPNI rules require immediate notice when certain account details are changed:

“Telecommunications carriers must notify customers immediately whenever a password… online account, or address of record is created or changed.” 47 CFR Parts 52 and 64.

5) Port-out (number transfer) protections.
For number port-outs, carriers must authenticate you before the port:

“A CMRS provider shall use secure methods to authenticate… before effectuating a port-out request.” 47 CFR § 52.37

The FCC also adopted pre-port notice:

“…require wireless providers to provide immediate notification… whenever a port-out request is made… before a provider effectuates a port.” Federal Communications Commission Report – in the Matter of Protecting Customers from Sim Swap and Port Out Fraud.

6) The statute behind these rules.

All of this sits on 47 U.S.C. § 222, which imposes a general duty:

“Every telecommunications carrier has a duty to protect the confidentiality of… customers…”

If you didn’t receive a pre-change notice, what to demand (in writing)

If your number was hijacked (SIM swap or port-out) and crypto was drained from a self-custody wallet (MetaMask or Phantom) or a regulated exchange:

Ask the carrier (in writing) for:

1. Event confirmation with timestamps
   • The exact date/time of the SIM change or port-out and how it was processed (in-store, app, online, call).
   • Cite the notice rule: “before effectuating the request… provide immediate notification.” Save the carrier’s explanation of what was or wasn’t sent.
2. Authentication details used
   • What method(s) the carrier used to verify identity. (For port-outs, the carrier must use secure methods “before effectuating” the port.)
3. Copies/logs of the customer notice
   • When the notice was sent, to which destination(s), and the content/template used (you’re checking the “means reasonably designed to reach the customer” and clear language).
4. Fraud documentation letter
   • Request the rule-based fraud documentation (“promptly provide customers, upon request, with documentation of fraudulent SIM changes”). This is critical evidence for exchanges and arbitration.
   • For port-outs, the FCC likewise required prompt documentation for victims in its order.
5. Account-lock status
   • Ask whether an account/SIM lock was available and active; the rule says carriers must offer a no-cost lock to block SIM changes.

Preserve everything for exchanges and arbitration

Create one folder and save:

• Carrier notice(s), carrier written responses, case/ticket numbers.
• Timestamps for service loss, SIM/port event, logins, withdrawals.
• Exchange TXIDs, login IPs/devices, and support emails.
• IC3 and police reports, plus any forensic or device-remediation reports.

Arbitrators and exchange fraud teams will expect to see: (a) what the carrier should have sent before the change; (b) what was actually sent; and (c) the written documentation of fraud the rules say you can request.

Need help? Free consultation for SIM-swap victims

If you were the victim of a SIM swap or device/phone takeover through Verizon, AT&T, or T-Mobile and your crypto was stolen from a self-custody wallet (e.g., MetaMask, Phantom, etc.) or a regulated exchange (e.g., Coinbase, Kraken, Binance, Uphold, Crypto.com), contact Dilendorf Law Firm for a free, confidential consultation.

We’re NY-based, represent clients nationwide, and have 6+ years arbitrating complex crypto-cyber matters, including SIM-swap disputes against major U.S. carriers and exchange-related claims.

We’re NY-based, represent clients nationwide, and have 6+ years arbitrating complex crypto-cyber matters, including SIM-swap disputes against major U.S. carriers.

We can help you:

• Demand and preserve carrier notices and fraud documentation (e.g., under 47 C.F.R. §§ 64.2010(h), 52.37).
• Organize exchange records and on-chain evidence.
• Prepare IC3/police filings and an arbitration-ready timeline.
• Evaluate your legal options and map a strategy.

Contact: info@dilendorf.com | | (212) 457-9797

Attorney Advertising. Past results do not guarantee a similar outcome.

When crypto is stolen from a hosted exchange account, does the Electronic Fund Transfer Act (EFTA) apply? Two Southern District of New York judges—ruling just twelve days apart on cases against Uphold, a custodial cryptocurrency platform—gave very different answers.

The Split Decisions

• August 11, 2023 — Yuille v. Uphold HQ Inc. (Judge Lewis J. Liman), Case No. 1:22-cv-07453-LJL
  Judge Liman held that the plaintiff’s Uphold account was not an EFTA “account” because it was opened primarily for investment. On that basis, the court did not decide whether crypto counts as “funds” under the statute.
• August 23, 2023 — Nero v. Uphold HQ Inc. (Judge Denise Cote), Case No. 22-cv-1602 (DLC)
  Judge Cote read EFTA broadly, rejected the idea that a profit motive disqualifies a consumer account, and allowed the EFTA claim to move forward (though she dismissed actual damages at the pleadings stage).

What the statute says (15 U.S.C. § 1693a)

• “Electronic fund transfer.”
  “Any transfer of funds […] initiated through an electronic terminal, telephonic instrument, or computer […] so as to order, instruct, or authorize a financial institution to debit or credit an account,” with specific exclusions (e.g., certain securities or commodities transactions). 15 U.S.C. § 1693a(7).
• “Account.”
  “A demand deposit, savings deposit, or other asset account … established primarily for personal, family, or household purposes.” 15 U.S.C. § 1693a(2).

EFTA and Regulation E impose strict error-resolution duties and can award enhanced damages when an institution fails to investigate in good faith or to provisionally recredit. 15 U.S.C. §§ 1693f, 1693m(a).

Position A — Nero (Judge Denise Cote)

• “An asset account covered by the EFTA may be an account holding investments from which the individual hopes to gain a profit for herself or her family.”
• “Only the transactions involving the purchase and sale of regulated securities are excluded; the asset accounts holding those investments are not excluded.”
• “The fact that Congress has not amended the EFTA to add an explicit reference to cryptocurrency does not alter the Court’s duty to construe the statute as written.”

For Judge Cote, EFTA is technology-neutral. A personal account doesn’t lose protection just because it is also used for investing.

Note: The Nero case later settled in October 2024, with approval of $500,000 in statutory damages plus $320,000 in fees/administration — $820,000 total.

Position B — Yuille (Judge Lewis J. Liman)

• “The Court […] need not determine whether the term ‘funds’ […] includes cryptocurrency […] because the Court finds that the Account is not an ‘account’ within the meaning of the EFTA.”
• “The purpose for which the Account was established was for investment, which has an inherent profit motive.”

Judge Liman highlighted the plaintiff’s own pleadings: the account was opened “to hold Bitcoin,” “to sell and reduce to dollars,” and “to trade crypto coins.” That, he said, is different from a personal checking account used for paychecks, rent, or groceries.

For Judge Liman, if the account was opened primarily for investment, it is not an EFTA “account.” The court therefore avoided the question of whether crypto itself qualifies as “funds.”

The Dissonance & Why It Matters

• Are crypto transfers “funds”?

Judge Cote in Nero emphasized that what matters is how the transfer happens—electronically—not what asset is being moved. Judge Liman in Yuille sidestepped that issue, leaving the “funds” question unresolved.

• What counts as a covered account?

Nero held that a personal account remains protected even if the user hopes to profit from it. Yuille took the opposite approach: if the account was opened primarily to invest, it falls outside EFTA’s consumer protections.

• Practical takeaway.

A consumer’s ability to invoke EFTA may turn on the story told about the account’s purpose. Was it for household or everyday use, or framed as an investment vehicle? That framing can make the difference between having federal protections—or not.

Contact Us

At Dilendorf Law Firm, we represent clients targeted by unauthorized crypto transfers and SIM-swap attacks. With more than six years of experience and over 100 consumer arbitrations, we have pursued claims against major cryptocurrency exchanges—including Coinbase—and leading carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys regularly appear before AAA, JAMS, and NAM, and we also represent victims whose assets were taken from self-custody wallets (e.g., MetaMask) and other decentralized platforms. In high-stakes matters, we coordinate with U.S. law-enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies.

If you suffered losses due to a SIM-swap or a cyber fraud, contact us to discuss your case and recovery options.

Email: info@dilendorf.com | Phone: (212) 457-9797

This article is a public-record summary and does not constitute legal advice. We are not counsel of record, and the referenced cases are not affiliated with Dilendorf Law Firm.