Alleged SIM Swapper Used Stolen Bitcoin to Buy Luxury Cars

Francisco Memoria
  • An alleged SIM swapper has reportedly used stolen BTC to buy luxury cars, including a 2018 McLaren.
  • The hacker reportedly managed to see over 150 BTC flow through his wallets before being caught.

A 19-year-old teen named Xzavyer Narvaez, accused of seven counts of computer crimes, grand theft, and identity fraud, reportedly used bitcoin he stole from his victims to buy himself luxury cars.

According to Motherboard, Narvaez hijacked victims’ phone numbers in a technique known as SIM swapping to steal their bitcoin, as he presumably used access to victims’ numbers to go through their two-factor authentication (2FA) checks.

Motherboard’s report revealed DMV records police went through show Narvaez bought a 2018 McLaren, partly paid for in BTC, and partly through the trade-in of a 2012 Audi R8 that had been purchased with the flagship cryptocurrency in June of last year.

The report reads:

The investigators obtained records from Bitcoin payment provider BitPay, and cryptocurrency exchanges Bittrex. The records revealed that between March 12, and July 12 of this year, Narvaez’s account saw a flow of 157 Bitcoin (now worth around $1 million), according to a court document.

Digging deeper, Motherboard had multiple sources within the SIM swapping community reveal an individual going by Xzavyer was “one of the best SIM swappers out there.” The sources pointed to a now-deactivated Instagram account that went by “xza” and featured pictures of a white McLaren.

These were captioned with “live fast, die young.” Per the news outlet, the 19-year-old was released without bail this month.

The Investigation

Citing investigators at the Regional Enforcement Allied Computer Team (REACT), a task force of multiple California police departments investigating the growing SIM swapping trend, Motherboard revealed a cellphone used by Joel Ortiz, the first hacker in the US accused of the practice, had at one point logged into Narvaez’s Gmail account.

Per the findings, AT&T gave authorities the unique identifying numbers of the devices used to hijacked victims’ phones, and the coordinates of the cell phone towers these were connected to, along with Narvaez’s call records.

These records showed the hacker was connected to the same tower one of the victims was connected to, at the same time. After adding Apple account information to the mix, authorities were able to track down three victims – one of which claims to have lost $150,000 worth of crypto last year.

The SIM swapping trend has made hundreds of victims around the US, as criminals have been targeting cryptocurrency investors and people with short, unique Instagram names that can be resold on the gray market.

As CryptoGlobe covered an American crypto investor, Michael Terpin, filed a $224 million lawsuit against AT&T after the phone carrier’s alleged “gross negligence” in a SIM swapping case cost him $24 million in cryptocurrency.

Hacker Attempts to Sell Data Allegedly Stolen From Ledger, Trezor, and KeepKey

Michael LaVere
  • Online data monitoring service Under the Breach says a hacker is attempting to sell databases belonging to Ledger and Trezor.
  • The hacker allegedly used a Shopify exploit to obtain client information, while the company claims to have found "no evidence" of a breach in security.

Online data monitoring and prevention service Under the Breach says a hacker is attempting to sell client information belonging to cryptocurrency hardware wallet manufacturers Trezor, KeepKey, and Ledger. 

According to a tweet published May 24, Under the Breach said an the alleged hacker of the forum was attempting to sell databases belonging to Trezor, KeepKey and Ledger. The stolen data was reportedly obtained via an exploit involving the e-commerce platform Shopify, with the tweet implying more leaks could have occurred that have gone unnoticed. 

The hacker also claimed to have the full SQL database belonging to the online crypto and fintech investment bank, BnkToTheFuture. 

In a subsequent tweet, the data monitoring service claims to have warned BnkToTheFuture about the leaked information.

The documents posted by Under the Breach reveal the hacker allegedly has information belonging to three large databases encompassing 80,000 clients.  

Ledger responded to the proposed Shopify data breach the same day, calling the hack a “rumor.” The crypto wallet manufacturer claimed to have analyzed screenshots from the leaked database and found it did not match their records. 

A Shopify representative told News.Bitcoin that the company had investigated the security breach and found “no evidence” of any compromise. 

Featured Image Credit: Photo via