BitAngels’ Michael Terpin: Negligence of Major Phone Companies Is Crypto’s Biggest Threat
This interview has been edited and condensed.
Michael Terpin is an American blockchain and crypto investor who has worked with over 100 projects running Initial Coin Offerings (ICOs) since entering the blockchain space in early 2013.
Terpin co-founded BitAngels in 2013 and, more recently, founded blockchain PR firm Transform Group. The investor and entrepreneur recently hit mainstream and crypto media headlines following his high-profile case against U.S. telecom giant AT&T. Terpin is suing AT&T for negligence that allegedly resulted in the theft of over $24 million of Terpin’s crypto holdings.
Cointelegraph sat down with Terpin at BlockShow Americas in Las Vegas to get into the details of the case, discuss the current ICO landscape, the difference between centralized and decentralized cryptocurrencies and where he sees Bitcoin’s price three to five years from now.
Crypto’s Biggest Threat
Olivia Capozzalo: The story that is going on right now with AT&T — can you tell our readers what happened?
Michael Terpin: Sure. So, the entire crypto community has been targeted by gangs — crypto gangs — for quite some time, and it accelerated as the price of Bitcoin and other crypto assets went up.
Right now, the biggest risk to anybody who's high profile in the crypto industry, and really anybody who has identifiable involvement in the community, is that major phone companies promise you security and don't deliver it.
So, I've been hacked twice: The first time was last year — it's all in my lawsuit. I did not lose that much the first time, I thought my crypto assets were already pretty secure because I have all my major assets in bank vaults and Trezors and Ledgers. But as an investor and marketer in this space, I have, you know, dozens of different cryptocurrencies that don't neatly fit into any of those profiles.
The only reason that they did get in there is because AT&T allowed one of their reps in a store in Connecticut to give my six-digit code that they told me when I requested a higher level of authorization of security.
What they did not say is that any low-level, $10-an-hour store clerk can override that authorization. Normally, when you think that there's a password that is supposed to be a high-level password to protect you, it would be like a PIN number in a bank.
So, only one of two things is possible: Either the person is a complete idiot and cooperating with the hackers unknowingly — which still shouldn't have been allowed under the way that they promised it to me — or he's part of the gang and just got bribed.
And there's a lot of evidence that this is going on pretty widely right now.
OC: I want to walk through this step-by-step, because I think that helps people also understand how they can prevent this kind of thing, if that’s even possible.
So, what that looks like, you're saying, is that a person goes into a physical AT&T store and says that they're you?
MT: That's correct. Or they pretended someone is in there, and they scanned, you know, a subway card and said it didn't scan, and then did a manual override.
It's quite possible the AT&T rep did it with nobody actually in the store at all. You know, case after case is coming out, and there've been several arrests in July that all have in common AT&T employees who were basically bribed.
OC: Okay. Say this person gets access to your identity, they're getting access to your phone number on a different phone, right?
MT: When an AT&T rep turns over your digital identity, they turn over anything that would have access to your phone number.
OC: Basically what happens is that they now have access to change your passwords, because they just confirm with the phone number?
MT: They have access to anything that has the phone number attached to it as a form of verification, which is much broader than wallets.
OC: Right. So, it can be a two-factor thing, but it wouldn't be Google 2FA...
MT: This was not an exchange. So, there are many other pieces of software that have your phone number as your identity.
OC: Okay, right. So, at the end of the day though, we're talking about millions, like, $20 million, right?
OC: $24 million, I believe. Not to be offensive, but why was that much money in a place that was accessible by a phone number?
MT: It should not have been accessible other than being broken into and being handed over, and having the hackers be able to go and prowl around all sorts of things that were within my network of computers.
Because they were able to get access to that through this. So, it wasn't as simple as — and it wasn't, as has been misreported — "Oh, I had a Coinbase account, and they were able to reset that.” That was not an exchange, it was a native wallet.
OC: A native wallet. Because, what you're saying is that you couldn't store these currencies in a cold storage?
MT: Most of the smaller tokens – anything that’s not Bitcoin, or Ethereum or ERC-20 tokens – are not storable on cold storage; they have to be stored in, you know, in a paper wallet or, in order to be able to stake new tokens, they have to be stored, essentially, in the native wallet.
OC: Okay so, now that you're going through this nightmare with AT&T, can you give some advice to investors overall?
MT: Sure. I would say, if you are a recognizable person in the crypto industry, you can't use any of the major four phone companies, period.
If you for some reason need to use them, you have to make sure that any time that you use any piece of software that ever asks your phone number, do not give AT&T or any of the other ones.
So, the ways of getting around this — which is what I do now — is you have to have a Google Voice number.
But you have to have something that does not have a retail store where a $10-an-hour employee can be bribed to give up your information and your digital life.
OC: And you see this as an organized effort, you said, organized crime?
MT: Yes, clearly organized. There are hundreds of millions of people involved.
So, this is not an isolated incident — these are international gangs.
The FBI are very good at sort of following the trail and they'll do what they do. And I'm certainly working with all of those law enforcement agencies. I have been doing that since the day this happened.
OC: But, just to clarify, do you see this issue with telecom companies as being bigger than crypto-jacking?
MT: Bigger. Much bigger.
It's SIM-jacking, basically, that’s the biggest threat to individual assets right now.
And it's something that is surprisingly simple for these telecom companies to fix — simply: If you're promising someone, you know, a higher security password, don't let it be overruled by a $10-an-hour employee, make it mandatory.
Today’s ICO Landscape
OC: You've been an investor in the blockchain space for a while, and you have invested in a bunch of ICOs, you mentioned a hundred?
MT: Yes, between PR services and me being an advisor to companies, my firm and I have worked with 103 ICOs.
OC: Wow! A lot of people say the heyday of the ICOs was last year, the year before. Can you sketch out what is happening right now with ICOs that you're seeing, and if you think it's a good thing?
MT: You know, I think that when we're talking about the death of the ICO and this and that, I think it's too early to say that. I mean, if you take out the infrastructure tokens, I think security tokens will be much larger than utility tokens, because we just don't have the formats in place right now.
Because there's no reason why — other than the legacy systems — you can't buy Google stock easily in France, or why you can't buy Samsung stock on the New York Stock Exchange.
If you had a token, it's global. So, that's sort of the future that regulators just have to keep up, with how this applies cross-borders.
But it's still very early. You know, I like to give the analogy — even though it's not exact — of the rise of the internet and the rise of blockchain. So, with the rise of the internet, there was a lot of skepticism in the early days, that the internet wasn’t viable.
So, all the stuff that was said about why the internet wasn't gonna work, insert ‘crypto’ and a lot of things sound a lot the same.
And then, of course, there was a couple of early movements up and down, and then you had this wild ride from like '98 to the first quarter of 2000, where the Nasdaq went from 1,000 to 5,000 — and, by the peak, when the dotcom bubble popped — you had $5 trillion dollars worth of companies, and that dropped by like 90 percent — a lot of them went out of business.
So, the rising tide lifts all boats, but then, when the water drops to the bottom, you can see all the junk at the bottom of the harbor — and it's got to be cleared out before it starts going up again.
I think, if you look at the overall chart of Amazon, of eBay, of these other ones, the whole dotcom area now looks like a little tiny blip in the price compared to where it is today. So, I think, similarly, you may be looking at Ethereum, five years from now and seeing this, you know, 30 cents to $1200 and back down to $300 as a blip, if it's, say, $15,000, you know, five years from now, 10 years from now.
I do pretty firmly believe that Bitcoin — it is my own personal belief — will hit a high of at least $50,000 sometime in the next three to five years.
And it seems to be the most predictable thing in terms of the way markets have behaved, that you have a big run-up about a year after the halving, when the supply and demand starts taking root.
Centralized vs. Decentralized
OC: Where do you stand on decentralized versus centralized cryptocurrencies?
MT: I think that when you're looking at the overall revolution of the blockchain, decentralization is only one of many aspects that makes it revolutionary. Tokenization is just as important.
So, when you're talking about, say, tokenizing a stock — it's not decentralized. I think that decentralization makes the most sense when you're talking about cross-border payments.
But in terms of the actual technology, the decentralization of Bitcoin is less important than that of cryptocurrencies that base themselves on decentralized consensus, that's important for the security of knowing that a smart contract cannot be stopped once it gets initiated.
Ideally, the proper way that I think most DApps should work is that you should have a nonprofit foundation that basically is just responsible for having that technology proliferate, and that there should be, then, a for-profit that uses it — that buys the tokens. And that way, you're sort of keeping the incentives of those who are looking to build a stack separate from those who are keeping the blockchain.
But pure decentralization is tough when you incorporate even some security elements. But I think they'll develop over time. And again, tokenization is just as important in broad, non-money transference instances.