Why Terpin v. AT&T Matters for Self-Custody Wallet Users

October 10, 2025 | By: Max Dilendorf, Esq.

Max Dilendorf, Esq.

When Michael Terpin’s SIM card was fraudulently swapped in January 2018, attackers gained control of his mobile number, intercepted password resets, accessed his cloud storage, and stole approximately $24 million in digital assets.

After years of litigation, Terpin v. AT&T is scheduled for jury trial in March 2026. This case is expected to play a pivotal role in defining the scope of telecom carriers’ responsibilities in SIM-swap incidents—and could give self-custody wallet users a viable legal path to recovery.

The Unique Challenges Faced by Self-Custody Wallet Users

Victims of SIM-swap attacks who store digital assets in self-custody wallets such as MetaMask, Trust Wallet, or hardware wallets face significant legal obstacles:

No custodian to recover funds. Because self-custody wallets are non-custodial, no entity holds the assets or has the ability to reverse unauthorized transactions.
Limited claims against wallet providers. Wallet software providers generally disclaim liability and are not responsible for losses resulting from theft.
Exchanges often are not involved. In many cases, stolen assets never touch a regulated exchange, leaving victims with no practical recovery option.
Barriers under state law. Negligence or contract claims against carriers are often blocked by liability waivers and the economic loss rule.

The Terpin case changes this legal landscape by focusing on a federal statutory duty under the Communications Act.

Section 222: A Federal Privacy Duty

Section 222 of the Communications Act of 1934 (47 U.S.C. § 222) requires telecom carriers to protect the confidentiality of Customer Proprietary Network Information (CPNI).

In September 2024, the Ninth Circuit ruled that a carrier may violate Section 222 not only by directly disclosing CPNI but also by “permitting access” to it through inadequate authentication procedures.

If a carrier approves a SIM swap without taking reasonable measures to verify identity, it may be held liable under federal law. On July 16, 2025, the district court partly denied AT&T’s renewed summary-judgment motion on the Section 222 claim, clearing the case for trial.

“[…] there is sufficient evidence before the Court for a reasonable juror to find that AT&T failed to ‘take reasonable measures [. . .] to protect against’ unauthorized disclosure and ‘properly authenticate’ Terpin’s identity before allowing access to his CPNI via the fraudulent SIM swap.”

This is significant for self-custody wallet holders because Section 222 claims are not limited by contractual liability waivers and are not barred by the economic loss rule.

Why Carriers Are Often the Most Effective Legal Target

In SIM-swap incidents, the carrier is the critical control point. A fraudulent SIM change typically triggers the entire chain of events:

Number is ported without proper verification.
Attackers intercept SMS or email reset codes.
Credentials or seed phrases are accessed through cloud or email accounts.
Digital assets are stolen from self-custody wallets.

Because carriers control the SIM-swap process, they are often the most direct and practical defendant. Unlike wallet providers, carriers have a clear statutory duty and maintain authentication logs and procedures that can be challenged in litigation or arbitration.

The Central Questions at the 2026 Trial

The upcoming Terpin trial is expected to address several key issues:

Causation: Whether a carrier’s failure to properly authenticate a SIM swap foreseeably leads to cryptocurrency theft.
Scope of liability: How broadly courts will interpret “permitting access” under Section 222.
Industry impact: Whether carriers must strengthen their SIM-swap protocols and authentication controls nationwide.

A Turning Point for SIM-Swap Victims

Terpin v. AT&T could establish a meaningful precedent for SIM-swap victims, particularly for individuals who lost assets from self-custody wallets.

For years, these victims had few options for recovery. Now, federal law under Section 222 provides a potential basis to hold carriers accountable when inadequate authentication allows attackers to compromise critical accounts.

Dilendorf Law Firm Representation

At Dilendorf Law Firm, we represent clients who have been targeted by SIM-swap attacks and other forms of cyber fraud.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have successfully pursued claims against major cryptocurrency exchanges, such as Coinbase, and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

In high-stakes cases, we advise and coordinate with U.S. law enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies and criminal investigations into cybercrime.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact us to discuss your case and options for recovery.

Email: info@dilendorf.com | Phone: 212.457.9797

Disclaimer: This is a public-record summary, not legal advice. We are not counsel of record and this case is not affiliated with Dilendorf Law Firm in any way.

Facebook

Twitter

This article is provided for your convenience and does not constitute legal advice. The information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.