A 19-year-old teen named Xzavyer Narvaez, accused of seven counts of computer crimes, grand theft, and identity fraud, reportedly used bitcoin he stole from his victims to buy himself luxury cars.

According to Motherboard, Narvaez hijacked victims’ phone numbers in a technique known as SIM swapping to steal their bitcoin, as he presumably used access to victims’ numbers to go through their two-factor authentication (2FA) checks.

Motherboard’s report revealed DMV records police went through show Narvaez bought a 2018 McLaren, partly paid for in BTC, and partly through the trade-in of a 2012 Audi R8 that had been purchased with the flagship cryptocurrency in June of last year.

The report reads:

The investigators obtained records from Bitcoin payment provider BitPay, and cryptocurrency exchanges Bittrex. The records revealed that between March 12, and July 12 of this year, Narvaez’s account saw a flow of 157 Bitcoin (now worth around $1 million), according to a court document.

Digging deeper, Motherboard had multiple sources within the SIM swapping community reveal an individual going by Xzavyer was “one of the best SIM swappers out there.” The sources pointed to a now-deactivated Instagram account that went by “xza” and featured pictures of a white McLaren.

These were captioned with “live fast, die young.” Per the news outlet, the 19-year-old was released without bail this month.

The Investigation

Citing investigators at the Regional Enforcement Allied Computer Team (REACT), a task force of multiple California police departments investigating the growing SIM swapping trend, Motherboard revealed a cellphone used by Joel Ortiz, the first hacker in the US accused of the practice, had at one point logged into Narvaez’s Gmail account.

Per the findings, AT&T gave authorities the unique identifying numbers of the devices used to hijacked victims’ phones, and the coordinates of the cell phone towers these were connected to, along with Narvaez’s call records.

These records showed the hacker was connected to the same tower one of the victims was connected to, at the same time. After adding Apple account information to the mix, authorities were able to track down three victims – one of which claims to have lost $150,000 worth of crypto last year.

The SIM swapping trend has made hundreds of victims around the US, as criminals have been targeting cryptocurrency investors and people with short, unique Instagram names that can be resold on the gray market.

As CryptoGlobe covered an American crypto investor, Michael Terpin, filed a $224 million lawsuit against AT&T after the phone carrier’s alleged “gross negligence” in a SIM swapping case cost him $24 million in cryptocurrency.