Ellis Pinsky's $24 Million SIM Swap Heist at 15—How One Teen Executed Crypto's Most Audacious Theft

At just 15 years old, Ellis Pinsky orchestrated what became the largest individual SIM swap attack in recorded history. This wasn’t some script-kiddie operation gone right—it was a precision digital heist that would eventually land on the FBI’s desk and reshape how the crypto industry thinks about security vulnerabilities.

The story begins with Michael Turpin, a crypto investor who had no idea that his phone number was about to become the most valuable piece of real estate in a teenager’s criminal enterprise. Ellis Pinsky, operating from the East Coast with a network of teenage conspirators, had devised a simple but devastatingly effective attack vector: bribe telecom company employees to redirect a target’s phone number to a device under their control.

The Perfect Target and the Mastermind Behind the Scam

Michael Turpin’s life changed the moment he left a crypto conference and his phone went dark. Across the country, Ellis Pinsky’s network was in motion. They had already cultivated relationships with telecom workers willing to perform SIM swaps for the right price. Once they controlled Turpin’s number, they had the master key: text message verification codes.

Ellis deployed scripts via Skype that systematically breached Turpin’s digital infrastructure—emails first, then cloud storage, then the holy grail: cryptocurrency wallet credentials. The operation was methodical. The team found themselves staring at an astounding discovery: $900 million worth of Ethereum sat in Turpin’s wallets. But it was protected by multi-signature security measures they couldn’t crack.

They kept digging. That’s when they found it—$24 million in a more accessible wallet. Within hours, the funds were gone. Turpin’s main accounts remained untouched, but $24 million had simply vanished into Ellis Pinsky’s underground economy.

$900 Million in Reach, but Only $24 Million in Hand

The score was enormous, but it came with immediate complications. One conspirator bolted with $1.5 million of the stolen funds. Another made the catastrophic mistake of discussing hiring a hitman online—a conversation that would later draw law enforcement scrutiny. The operation, despite its technical sophistication, was crumbling under the weight of loose tongues and criminal greed.

Ellis Pinsky, suddenly flush with unprecedented wealth for a teenager, made the predictable mistakes. A $100,000 Rolex watch was purchased and hidden under his bed. Nightclubs saw him frequently. The lavish spending was the kind of OPSEC failure that eventually catches every criminal.

The Unraveling: When Partners Can’t Keep Secrets

The beginning of the end came when Nicholas Truglia, one of Ellis Pinsky’s key partners in the operation, made a fatal error. Truglia bragged publicly online: “Stole $24M. Still can’t keep a friend.” More damaging, he used his real identity on Coinbase. The FBI didn’t need much after that. Truglia was arrested and subsequently imprisoned.

Ellis Pinsky faced a different outcome, primarily because of his age. The federal system’s treatment of juveniles meant he avoided the harshest charges, but he couldn’t escape the consequences entirely. Michael Turpin pursued a $22 million civil lawsuit against the teenage thief. Masked gunmen broke into Ellis Pinsky’s home in a terrifying reminder that the criminal underworld operates by different rules than the justice system.

From Digital Criminal to NYU Student: Ellis Pinsky’s Path After the Heist

Today, Ellis Pinsky is a philosophy and computer science major at New York University. He describes himself as an aspiring startup founder working to repay his debts and distance himself from his criminal past. Whether that reinvention is genuine or performative remains an open question—but by 15, Ellis Pinsky had accumulated assets, insider connections, lawsuits, and physical threats that would define most people’s entire lives.

The numbers tell the story: 562 Bitcoin acquired through criminal enterprise, a nationwide network of corrupted telecom insiders, a $22 million lawsuit, and the unwanted attention of both federal law enforcement and private actors seeking revenge.

What the Ellis Pinsky Case Reveals About Crypto Security

The Ellis Pinsky heist exposed critical vulnerabilities in how the crypto industry—and telecommunications infrastructure—protects digital assets. SIM swaps remain one of the most effective attack vectors against even sophisticated users because the vulnerability isn’t technical; it’s human. Bribing a telecom employee is often easier than finding a zero-day exploit.

The incident accelerated adoption of hardware wallets, biometric authentication, and multi-signature requirements across major exchanges and custodial services. It also highlighted a generational risk: technically proficient teenagers with nothing to lose and everything to gain can pose existential threats to high-net-worth individuals in the crypto space.

Ellis Pinsky’s story serves as a cautionary tale on two fronts—for crypto investors who underestimate social engineering attacks, and for young hackers who believe their technical skills grant them immunity from consequences.