Hackers use AT&T systems to steal millions in customer crypto, source says

Listen to this article.

A hacking group with access to AT&T’s internal network has stolen up to $20 million in crypto from customers’ wallets, according to an anonymous source.

As reported by TechCrunch, cybercriminals infiltrated AT&T’s employee portal which in turn allowed them to generate their own mail keys — the details that anybody with an AT&T email address can use to log into their accounts without using a password.

Once they have a mail key, attackers are able to tamper with users’ crypto exchange passwords and reset their login details. From there, they can siphon off victims’ coins.

The anonymous source claimed the hackers made between $15 and $20 million in stolen crypto. TechCrunch couldn’t verify the amount of crypto stolen and AT&T hasn’t disclosed how many victims there are.

Read more: US Treasury sanctions OTC traders for aiding Lazarus hackers

A number of customers have come forward to confirm the attacks. One victim claimed to have lost $134,000 dollars from his Coinbase account while another said, “It has been happening repeatedly since November 2022 — probably 10 times at this point.

“Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys.”

Customers with att.net, sbcglobal.net, bellsouth.net, or other AT&T email addresses are said to be at risk.

AT&T denies that its internal systems have been hacked 

Despite the claims from the anonymous source, customer complaints, and even Telegram chats in which the hackers claim to have access to the “entire AT&T employee database,” the company is adamant that no attackers have cracked its internal systems.

Indeed, an AT&T spokesperson said, “There was no intrusion into any system for this exploit. The bad actors used an API access.”

The spokesperson added that the company has updated its security and has, “proactively required a password reset on some email accounts.” This has apparently wiped out any secure mail keys that had been created.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on TwitterInstagramBluesky, and Google News, or subscribe to our YouTube channel. Quotes in bold are our emphasis.