How Teenager Ellis Pinsky Orchestrated a $24 Million SIM Swap Heist

At just 15 years old, Ellis Pinsky directed one of the largest digital theft operations ever attributed to a minor. Through coordinated SIM swap attacks, he and a group of accomplices intercepted phone-based authentication systems to access cryptocurrency wallets, ultimately stealing $24 million in digital assets. The audacity of the scheme—executed by teenagers who lacked traditional criminal networks—caught the attention of federal investigators and sparked conversations about the vulnerabilities in telecommunications infrastructure and cryptocurrency security.

The operation began when Ellis Pinsky and associates targeted crypto investor Michael Turpin. The group deployed a classic telecom exploit: bribing telecommunications workers to redirect Turpin’s phone number to devices under their control. Once they gained control of his number, Ellis Pinsky and his team deployed automated scripts that systematically extracted digital assets from Turpin’s accounts—emails, cloud storage, and crucially, the login credentials to his cryptocurrency holdings.

The Technical Mechanism: How SIM Swapping Became a Crypto Weapon

SIM swapping, at its core, is a low-tech authentication bypass. The perpetrators identified that phone-based two-factor authentication—designed to protect online accounts—could be circumvented if they controlled the target’s phone number. By convincing or bribing telecom representatives to transfer a victim’s number to a new SIM card, attackers gained access to SMS codes that unlock password-reset functions. Once inside email accounts, wallet credentials became accessible. For cryptocurrency holdings like Ethereum and Bitcoin, this meant near-total account compromise.

Ellis Pinsky’s operation initially discovered $900 million in Ethereum holdings across Turpin’s accounts, but these were secured by additional layers of authentication. The team pivoted and located $24 million in accessible digital assets—which they successfully transferred to accounts under their control. The stolen funds represented the largest individual SIM swap theft documented at the time.

From Hacker Forums to Federal Investigation

Ellis Pinsky’s path to cybercrime followed a familiar trajectory. Raised in New York City, he gained early exposure to technology and hacking communities online. By his early teens, he had transitioned from academic hacking forums to more serious criminal activity—first monetizing stolen social media handles, then graduating to direct cryptocurrency theft through SIM swapping exploits.

The operation yielded significant immediate wealth. Ellis Pinsky and associates purchased luxury items—including high-end watches and access to nightlife venues—while attempting to maintain operational security. However, the scheme rapidly unraveled when accomplices proved unable to keep quiet about their success. Nicholas Truglia, a co-conspirator, publicly bragged about the theft online and made the critical error of linking his real identity to Coinbase transactions. Federal investigators traced the funds through blockchain records and traditional banking channels. Truglia was prosecuted and imprisoned.

Consequences and Ellis Pinsky’s Path Forward

Ellis Pinsky faced serious federal charges, but his age—he was 15 at the time of the crime—became a significant legal factor. While he avoided maximum criminal penalties, Michael Turpin pursued civil action, obtaining a $22 million judgment against him. The lawsuit far exceeded any assets Ellis Pinsky retained, effectively placing him in decades of debt repayment.

Additional consequences emerged beyond the courtroom. Turpin and others targeted by Ellis Pinsky and his group experienced physical security threats; in one incident, armed individuals entered a victim’s residence, illustrating how digital crime often escalates into physical danger.

Today, Ellis Pinsky is enrolled at New York University, pursuing studies in philosophy and computer science. He has publicly stated his intention to build legitimate technology ventures and work toward satisfying the civil judgment against him. Whether this represents genuine reform or a strategic repositioning remains a subject of debate within cybersecurity communities.

The Ellis Pinsky case crystallized concerns about SIM swap vulnerabilities that persist in modern telecommunications infrastructure and raised urgent questions about protecting cryptocurrency assets from authentication-based attacks. His story serves as both a cautionary tale about teenage participation in sophisticated cybercrime and an indictment of the security gaps that made the theft possible.