Member of group connected to multimillion-dollar cryptocurrency theft sentenced
A member of an international group of cybercriminals who called themselves “The Community” and hijacked people's cell service to steal millions of dollars worth of cryptocurrency was sentenced Monday, according to the Department of Justice.
Garrett Endicott, a 22-year-old from Missouri, pleaded guilty and was sentenced to 10 months in prison. He was also ordered to pay $121,549.37 in restitution.
“The Community” used various methods, including bribing telecom employees and pretending to be users when calling into customer service lines, to take over victims’ mobile phone numbers—a kind of attack known as SIM hijacking or swapping—then leveraged that access to break into other accounts and bypass two-factor identification requirements to steal cryptocurrency, per the DOJ:
"Individual victims lost cryptocurrency valued, at the time of theft, ranging from under $2,000 to over $5 million. The sentenced defendants were involved in total thefts ranging from approximately $50,000 to over $9 million."
DOJ announced charges against Endicott and eight others in connection with the scheme in 2019 after an investigation by the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations section and Irish law enforcement. Three of the individuals were former employees of telecom providers and six were alleged members of “The Community.”
Endicott is the last of the group members from the case, including four other people in the U.S. and one in Ireland, to be sentenced.
Andrea Peterson (they/them) is a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP) and The Washington Post before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight.