T-Mobile has been ordered to pay $33 million after an arbitration panel found the telecom carrier responsible for multiple security failures tied to a SIM swap attack that resulted in cryptocurrency theft. The award was disclosed by law firm Greenberg Glusker on March 20. The Los Angeles arbitration was held in the fall of 2023 and included 12 days of testimony, with the panel concluding that T-Mobile’s security shortcomings enabled the unauthorized SIM transfer.
Award includes legal fees, interest, and costs
According to Greenberg Glusker, the final amount paid by T-Mobile included more than $6.5 million in attorneys’ fees, interest, and related costs. The firm said T-Mobile has already paid the award in full. It has also filed a petition in Los Angeles Superior Court to confirm the arbitration result and make more details of the case publicly available.
Attorney Pierce O’Donnell described the outcome as the largest known SIM swap-related award on record and a meaningful win for mobile phone users. The firm said its legal team showed that T-Mobile had long failed to address known vulnerabilities, despite the risks tied to such attacks.
Case spotlights carrier security responsibilities
Greenberg Glusker argued that SIM swapping has remained an inadequately addressed security weakness for years. Attorney Paul Blechner explained that when an unauthorized SIM swap occurs, the victim’s phone is disconnected from the network while calls and text messages are redirected to a device controlled by the attacker. For users relying on text-based authentication, that window can quickly lead to account takeovers and stolen digital assets.
Attorney James Molen said T-Mobile tried to avoid liability during the proceedings, but the evidence showed the company failed to take reasonable steps to fix what he described as a porous security system and to protect vulnerable customers. The law firm also said that although the $33 million award is now public, T-Mobile is seeking to seal the arbitrator’s findings, limiting public access to details about the carrier’s security failures.
The case has renewed attention on telecom security, SMS-based authentication risks, and the broader vulnerability of crypto holders to SIM swap attacks. For digital asset users, the dispute is a reminder that mobile number control can be a critical point of failure in protecting funds.

