Canadian SIM Swapper Busted After $37M Crypto Heist—ZachXBT Drops the Receipts
Another day, another crypto crime—but this one’s got flair. A Canadian fraudster thought SIM swaps were their golden ticket… until blockchain sleuth ZachXBT traced the $37 million trail.
How’d they do it? Old-school social engineering meets new-school greed. The attacker bypassed SMS 2FA like it was a turnstile, draining wallets while victims slept. Classic.
And the kicker? That $37 million probably bought them a few Lambos—or at least a nice maple-syrup-flavored NFT. Meanwhile, traditional banks lose that much to lunchtime accounting errors and call it ‘operational risk.’
Redman got away with millions before the police intervened
The hack happened on February 22, 2020, when Redman SIM swapped Josh Jones, an early crypto investor, and took control of his number. That let him bypass security tied to Josh’s wallets. Redman drained 1547 Bitcoin and 60,000 Bitcoin Cash from two BTC wallets and one BCH address.
After the theft, Redman started laundering the BCH through hundreds of tiny transactions, sending them into centralized exchanges to try and cover his tracks. Zach posted the chart below showing how the stolen tokens moved through the blockchain, ending up mostly at just two exchanges.
By the time police stepped in, most of the money was already scattered.
It wasn’t until November 17, 2021, that Redman was formally charged by Hamilton Police in Ontario, with backup from the FBI and the US Secret Service. Officers were able to seize $5.4 million in crypto, but the rest—$31.5 million—was never recovered. At the time of arrest, Redman was still legally underage, which meant his name stayed sealed, and his photo wasn’t released.
Zach said that secrecy is part of the problem. He believes Redman’s identity should’ve been public once he allegedly moved on to phishing and hijacking X accounts. Those takeovers reportedly caused millions in losses from followers who trusted hacked NFT-related profiles and got tricked into handing over wallet credentials.
SIM swapping is exploding and organized crime is involved
Zach’s frustration isn’t about one hacker. SIM swaps are growing fast, especially in 2024 and 2025. The UK saw a 1,055% rise in cases from the previous year, jumping from 289 to 2,985 incidents. In the US, the FBI recorded $68 million in SIM swap losses in 2021, followed by $48.8 million in 2023 from over 1,000 victims, then $82 million in 2024.
The damage is serious enough that organized crime groups, including ones tied to the Italian Mafia, are now using SIM swaps to pull off million-dollar thefts.
The method is low-tech but powerful. Hackers steal enough personal info—through phishing, breaches, or social media—to trick mobile providers into handing over someone’s number. Once they control it, they intercept 2FA codes sent by SMS, lock users out of their accounts, and start draining crypto wallets and bank accounts.
The results can be brutal. Victims have lost tens of thousands, faced identity theft, and been saddled with fraudulent debt. One person in the UK saw £50,000 wiped across different accounts. Another got hit with £2,200 in fake charges.
Even Jack Dorsey, the founder and former CEO of Twitter, had his account taken over using this tactic in 2019. Back in 2018, one crypto investor lost $23.8 million in one go to a similar SIM hack.
While eSIM tech does reduce physical risks, it hasn’t solved the issue because the real weakness is still human error and social engineering. Tech experts say using authenticator apps like Google Authenticator is safer than relying on SMS-based two-factor authentication.
They also suggest setting custom PINs with carriers, sharing less online, and reacting fast if a swap is suspected. That means freezing accounts, contacting the carrier, and keeping an eye on transaction logs. But even with all that, criminals keep adapting, and the systems in place aren’t strong enough to stop them completely.
Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now
