"Better Call Saul" also fell victim to SIM card attacks, with a fake celebrity cryptocurrency scam stealing hundreds of thousands of dollars
Author: ZachXBT, On-chain Detective
Compiled by: Ismay, BlockBeats
Editor’s Note: Recently, the convicted British hacker Gurv (Gurvinder Bhangu) has drawn attention again, as he is accused of being involved in the hacking of the social media accounts of famous actors Sydney Sweeney and Bob Odenkirk. Through a Solana meme coin scam run from the hijacked accounts, these attacks resulted in losses exceeding $530,000.
The scam used by Gurv is a SIM card swap attack. Last year, crypto user @darengb also reported that his SIM card was swapped by hackers, leading to the theft of 22 ETH from his friend.tech account. Some criticized the security measures of mobile operators, while others pointed out the inherent security vulnerabilities of using phone numbers as a means of authentication. Verizon's related security features and industry security measures have also become the focus of discussion, as similar SIM swap attacks had previously targeted Ethereum co-founder Vitalik.
The following is the original content:
An investigation into the convicted British hacker Gurv (Gurvinder Bhangu) and his connection to the recent hacking of Sydney Sweeney and Bob Odenkirk's social media accounts shows that over $530,000 was stolen through the creation of a Solana meme coin scam.
On July 2, Sydney Sweeney's account suffered a SIM card swap attack, after which a meme coin link was posted on her account, causing the coin's price to surge and then plummet.
The team wallet from the SWEENEY scam sold assets totaling over $515,000.
Main team wallet addresses:
AgySZeAtqM3iSbvMPxv2g94oTd3segx4WdKuFD7M5CEr
jQEaiiAkRGhFoCDnjxn6mmtrksC4EckF38fxkaNMs1j
After cashing out, the hacker began taunting on social media, attempting to blame recent events involving Hulk Hogan and 50 Cent on them, but there was little evidence to suggest they were responsible for those incidents.
Timing analysis shows that the funds from the scam were first transferred to an exchange on Solana, then exchanged for Bitcoin and Ethereum.
Destination addresses:
0x0350730e4907cd69d1f3cf89f42a58091e397b11
bc1qs2lg3m278cuem2kz6shx6vn9xxzvf8lrd67dp5
bc1qvpjvdjvl98z2uz5dxhv3s32f3eenvjwzdtmlf8
These funds were dispersed on-chain, leading us to infer that multiple individuals were involved.
After the incident, screenshots appeared online showing Gurv receiving the login code for Sydney Sweeney's account on Telegram, which was obtained through the SIM swap. Additionally, a receipt from Verizon was attached, showing the record of Sydney Sweeney's SIM card swap.
Gurv is a convicted hacker who previously served time in the UK for hacking Instagram accounts and extorting users. At that time, Gurv told law enforcement, "This isn't even a crime."
Further confirmation indicates that Gurv is indeed the person in the screenshots. In multiple Telegram groups, he replied to messages using the same Telegram user ID and discussed his experiences in prison.
By linking the Ethereum addresses involved in the Sydney Sweeney SIM swap incident, we found that on July 9, 1.5 ETH was sent to an exchange and received on Solana. Based on this information, we can identify another attack carried out by Gurv or his associates.
Source transaction:
0xec0c75bc72bec3804c056e56da52ce8b1e43e2f9e326debaf979a6c61cfab41f
Target transaction:
i1kC4YgDTwfg7zvt5krxbarxdDeVSbk3t7o3jYEDMyBiWhWFEFVjMbD8qtMUQYnvzP1ybJ7ZA4SqZFivAfcUhoK
On July 9, Bob Odenkirk (actor from "Breaking Bad" and "Better Call Saul") had his social media account hacked and a meme coin link was posted, similar to the situation with Sydney Sweeney. However, this time they messed up and posted two coins (KIRK and SAUL), resulting in a much smaller profit.
The proceeds were sent to the same Ethereum address, which also funded the Solana address.
It is hoped that UK law enforcement will act swiftly, utilizing the substantial evidence available to pursue Gurv again, as some funds have been transferred to cryptocurrency casinos and used to purchase gift cards.
Currently, the funds held in wallets related to these hacking attacks amount to approximately $488,000.
Funds location:
0x461f8929fc2b039f2917b7556894f21a51b4138a
bc1qs2lg3m278cuem2kz6shx6vn9xxzvf8lrd67dp5
bc1qvpjvdjvl98z2uz5dxhv3s32f3eenvjwzdtmlf8
0x2655770dc11073d8ce90725655862a13c73999fd
0x71d06fa03134fe5fd4b235f448e490e521f00845