SIM-Swapper “Scattered Spider” Hacker Sentenced to 10 Years, Ordered to Pay $13 Million

A 20-year-old Palm Coast man, Noah Michael Urban-known as “King Bob”, “Sosa”, and other aliases-was sentenced today, 21 August 2025, to 10 years in federal prison and ordered to pay $13 million in restitution for SIM-swap-enabled cryptocurrency thefts and wire fraud, underscoring the growing cybersecurity peril posed by social engineering attacks. The verdict signals intensified law enforcement pressure on SIM-swap threat actors at a pivotal moment in digital asset protection.

• Noah Michael Urban, age 20, of Palm Coast, Florida, pleaded guilty in April 2025 to charges including conspiracy to commit wire fraud, wire fraud, and aggravated identity theft in Florida, and conspiracy to commit wire fraud in California.
• He was sentenced on 20 August 2025, receiving 120 months (10 years) in federal prison plus three years of supervised release, and restitution of $13 million to 59 victims.
• Urban admitted stealing at least $800,000 in cryptocurrency from five victims between August 2022 and March 2023 via SIM-swap attacks..

Modus Operandi: SIM-Swapping and Social Engineering

• Urban and co-conspirators used phishing and impersonation of mobile carriers and IT help desks to convince telecom staff to port victims’ mobile numbers to devices under their control, classic SIM-swap attacks.
• Once in control of SMS and authentication messages, they accessed cryptocurrency accounts to reset passwords and siphon funds..

Asset Seizure and Restitution

• Law enforcement seized over $3 million in cryptocurrency from Urban’s computer, cash, jewelry, and six luxury watches; all were forfeited as part of the plea deal, in addition to restitution..

Wider Cybercrime Context: Scattered Spider

• Urban was part of the infamous Scattered Spider gang (also tracked as 0ktapus, Starfraud), known for high-profile SIM-swap, phishing, and ransomware-assisted extortion against targets like MGM Resorts, Caesars, Coinbase, Twilio, and others..
• The gang’s tactics include vishing, smishing, MFA fatigue, and social engineering to bypass even strong technical defenses..

Regional (MEA) Implications

While Urban’s crimes occurred in the U.S., the SIM-swap threat is global—mobile-driven economies in the Middle East and Africa, reliant on SMS-based 2FA and digital wallets, must heed this verdict as a wake-up call to bolster cybersecurity awareness and infrastructure. Strengthening identity verification at telecoms and expanding security services like multi-factor authentication (especially app-based or hardware tokens) is urgent across MEA sectors.

Expert Perspectives

Adam Darrah, VP of Intelligence at ZeroFox, commented on Scattered Spider’s tactics—“They generate urgency… timed leaks, countdown threats, and taunts… multiplying their effectiveness.”.

Flashpoint, profiling the group, emphasized that “even the most advanced technical defenses can be circumvented through human deception” via SIM-swapping and social engineering..

Actionable Takeaways for CISOs and Executives

1. Eliminate reliance on SMS-based 2FA-prioritize app-based MFA and hardware tokens.
2. Enhance telecom authentication-bid telecom providers use secure, multi-factor identity checks before approving SIM changes.
3. Conduct social engineering simulations-test your staff’s awareness via realistic phishing/SIM-swap drills.
4. Segment critical systems-isolate cryptocurrency or financial assets behind stricter access controls.
5. Monitor for unusual SIM-related behavior-early detection of number porting requests or SIM changes can block breaches.
6. Collaborate with law enforcement-public-private partnerships help trace cross-border threat actors.
7. Strengthen incident response-ensure quick lockout of accounts and number recovery when attacks occur.
8. Public awareness campaigns-educate users and executives in MEA on SIM-swap risks and recovery steps.

Conclusion

Noah Urban’s sentence marks a significant success against SIM-swap-based cyber threats. But the verdict also underlines the persistent danger of social engineering, which can bypass even robust technical defences. CISOs and cybersecurity leaders must adopt holistic, user-centric, and telecom-collaborative strategies to neutralize these evolving threats, both in the U.S. and across the MEA region.

Sources

• News4JAX: “Palm Coast man … sentenced to 10 years … $13 million restitution” (20 August 2025)
• The Hacker News: “Scattered Spider Hacker Gets 10 Years…” (21 August 2025)
• BleepingComputer: “Scattered Spider hacker gets sentenced…” (21 August 2025)
• The Register: “SIM-swapper must repay $13.2M to 59 victims” (7 April 2025)
• KrebsOnSecurity: “Fla. Man Charged in SIM-Swapping Spree…” (Jan 2024)
• Recorded Future / The Record: “Scattered Spider member pleads guilty…” (7 April 2025)