Cameron Redman: How a Canadian Teenager Stole 37 Million USD in Bitcoin With a SIM Swap

Cameron Redman, a Canadian teenager, has been convicted and sentenced for one of the most brazen cryptocurrency thefts in recent history — a SIM swap attack on February 22, 2020 that netted 1,547 Bitcoin and 60,000 Bitcoin Cash, valued at approximately 37 million USD at the time of the theft. The conviction, reported by on-chain investigator ZachXBT in late July 2025, came with a sentence of 12 months and one day plus three years of supervised release per count, with all sentences served concurrently. The total financial penalty ordered was approximately 308,657 USD — a fraction of the 37 million USD stolen, with approximately 31.5 million USD still unrecovered. The cameron redman case has become a reference point in crypto security discussions for how SIM swap attacks work, how stolen crypto is laundered, and why the industry continues to call for stronger penalties against digital asset theft.

The case intersected with blockchain investigations that have become increasingly important to crypto accountability: ZachXBT's on-chain research connected Redman not just to the 2020 Bitcoin theft but to a separate 2022 hacking campaign targeting high-profile X accounts including those of NFT artist Beeple, DeeKay, Zeneca, Nouns DAO, and JRNY Club. The scope of the criminal activity, the sophistication of the money laundering attempts, and the relatively modest sentence have all contributed to the debate about whether the crypto crime justice system is delivering deterrence commensurate with the severity and scale of the crimes.

How Cameron Redman Stole 37 Million USD in Bitcoin

The technical mechanics of the cameron redman Bitcoin theft illustrate exactly why SIM swap attacks have become one of the most feared threat vectors in cryptocurrency security. The attack exploits a vulnerability not in the blockchain itself but in the telecommunications infrastructure that most people use for two-factor authentication.

On February 22, 2020, Redman used a SIM swap attack to seize control of crypto investor Josh Jones's mobile phone number. A SIM swap attack works by convincing — or bribing — a mobile carrier's customer service representative to transfer a phone number to a SIM card controlled by the attacker. Once the attacker controls the phone number, they receive all SMS messages and phone calls directed to that number, including the two-factor authentication codes that most cryptocurrency wallets and exchanges use as a second layer of security.

With control of Jones's phone number, Redman was able to bypass two-factor authentication protections and access Jones's cryptocurrency wallets. He then transferred 1,547 BTC and 60,000 BCH — a combined holding worth approximately 37 million USD at February 2020 prices. The laundering operation that followed demonstrated planning inconsistent with the perpetrator's age. Redman routed the stolen assets through hundreds of small transactions — a technique called smurfing designed to avoid detection thresholds — before funneling them through centralized exchanges in an attempt to obscure the trail. Despite these efforts, on-chain investigators eventually traced significant portions of the movement, though 31.5 million USD remains unrecovered.

The X Hacking Campaign: Selling Access to Social Media Infrastructure

The cameron redman criminal record extends beyond the 2020 Bitcoin theft to a separate campaign targeting high-profile social media accounts. In June 2022, Redman offered access to an internal X panel for sale on a platform called SWAPD. This access was sold for 250 ETH and enabled the compromise of over 10 accounts belonging to prominent figures in the NFT and crypto space — including Beeple, DeeKay, Zeneca, Nouns DAO, and JRNY Club. Once the accounts were under attacker control, they were used to launch phishing scams that stole millions of dollars from followers.

The investigation that connected Redman to the X hacking campaign involved multiple layers of on-chain and platform data. ZachXBT noted that Redman initially used fake identity documents on SWAPD before submitting his real information — a mistake that created a direct evidentiary link between his identity and the account access sale. He withdrew the 250 ETH proceeds through Tornado Cash before depositing them into a Stake gambling account. On-chain data then linked the wallet used in this process to the compromised X accounts, providing the forensic chain of evidence that ZachXBT used to publicly expose Redman's identity and role in both criminal campaigns.

The Sentence, the Penalties, and the Criticism

When the cameron redman sentence was announced — 12 months and one day, sentences concurrent, and 308,657 USD in total financial penalties — the response from the crypto security community was largely critical. The penalty appeared disproportionately lenient relative to the scale of the crimes: 37 million USD in theft generating 308,657 USD in financial penalties represents approximately a 0.8% effective penalty rate on the stolen amount, with 31.5 million USD still unrecovered.

ZachXBT previously highlighted that Redman's identity had been sealed during proceedings because he was legally underage at the time of his arrest, arguing this secrecy contributed to the problem of crypto crime accountability. Hamilton Police in Ontario formally charged Redman on November 17, 2021, recovering 5.4 million USD in cryptocurrency — about 14.6% of the total stolen.

The sentencing reflects broader challenges in criminal justice's treatment of cryptocurrency crime: courts still developing frameworks for digital asset theft, recovery mechanisms limited by the pseudonymous and irrecoverable nature of crypto once routed through mixing services, and juvenile justice considerations that cap potential penalties regardless of scale.

The Broader SIM Swap Threat and What It Means for Crypto Security

The cameron redman case is a high-profile example of a threat vector growing explosively. Research from Keepnet Labs showed a 1,055% increase in SIM swap incidents in the United Kingdom in 2024 alone. Elliptic's State of Crypto Scams 2025 analysis identified phishing as a key method used by sophisticated criminal organizations, with attackers increasingly deploying AI tools to automate campaigns. Between November and December 2024, a separate hacker breached over 15 X accounts, stealing more than 500,000 USD — a smaller-scale version of the same attack model.

The blockchain's on-chain transparency ultimately served accountability in the Redman case. Despite the pseudonymous nature of crypto transactions, ZachXBT's multi-year investigation connected wallet addresses across the 2020 theft and the 2022 X hacking, demonstrating that the blockchain's immutable record is a tool for accountability as much as a potential obstacle. For legitimate crypto users who trade on established platforms with full KYC compliance and regulatory oversight, this transparency is a feature — it means the ecosystem they participate in is increasingly resistant to criminal exploitation.

How to Protect Your Crypto From SIM Swap and Phishing Attacks

The cameron redman case provides a practical security lesson every crypto holder should internalize. The SIM swap attack succeeded because Josh Jones was using SMS-based two-factor authentication — a method vulnerable to carrier compromise. The security community strongly recommends hardware security keys, authenticator apps like Google Authenticator or Authy, or hardware wallets that keep private keys offline and completely inaccessible to remote attacks.

BYDFi's institutional-grade security architecture — transparent proof-of-reserves, segregated client funds, and multi-layer custody protection — provides the kind of infrastructure that professional traders require. Unlike less secure exchanges where custody arrangements are opaque, BYDFi's security practices protect client assets even against sophisticated attack vectors at the institutional level. For anyone who holds significant crypto assets, the Cameron Redman case is a reminder that security is not merely a technical problem but a human and institutional one. BYDFi's platform supports the full security posture that modern crypto investing demands. Create a free account today and trade on a platform where security is a foundational principle, not an afterthought.

FAQ

Who is Cameron Redman and what did he do?

Cameron Redman is a Canadian teenager who was convicted for stealing approximately 37 million USD in cryptocurrency through a SIM swap attack on February 22, 2020. He seized control of crypto investor Josh Jones's mobile phone number by convincing the carrier to transfer the number to a SIM card he controlled, which allowed him to bypass two-factor authentication and access Jones's wallets. He then stole 1,547 Bitcoin and 60,000 Bitcoin Cash. He was later linked to a separate 2022 campaign selling access to an internal X platform panel, which enabled the hacking of over 10 high-profile accounts including those of NFT artist Beeple, DeeKay, Zeneca, Nouns DAO, and JRNY Club.

What sentence did Cameron Redman receive?

Cameron Redman was sentenced to 12 months and one day, followed by a three-year supervised release term for each count, with all sentences to be served concurrently. He was also ordered to pay approximately 308,657 USD in total financial penalties, comprising a 400 USD special assessment, 248,257 USD in restitution, and a 60,000 USD fine. Authorities recovered 5.4 million USD in cryptocurrency at the time of his arrest in November 2021, but approximately 31.5 million USD of the 37 million USD stolen remains unrecovered. The sentence has been widely criticized by the crypto security community as insufficient deterrence given the scale of the crimes.

How does a SIM swap attack work in crypto theft?

A SIM swap attack exploits the telecommunications infrastructure used for two-factor authentication rather than the cryptocurrency network itself. The attacker convinces a mobile carrier's customer service representative — through social engineering, bribery, or impersonation — to transfer a target's phone number to a SIM card controlled by the attacker. Once the attacker controls the phone number, they receive all SMS messages including two-factor authentication codes used by cryptocurrency wallets and exchanges. With these codes, the attacker can bypass the second layer of security and access the target's accounts. Protection involves replacing SMS-based authentication with hardware security keys or authenticator applications that are not linked to phone numbers.

How did Cameron Redman launder the stolen Bitcoin?

After stealing 1,547 Bitcoin and 60,000 Bitcoin Cash, Redman used a technique called smurfing — routing stolen assets through hundreds of small transactions — to avoid triggering detection thresholds before funneling the funds through centralized exchanges. For the proceeds from the 2022 X account hacking, which generated 250 ETH from the sale of internal platform access, he withdrew funds through Tornado Cash, a decentralized cryptocurrency mixing service, before depositing them into a Stake gambling account. Despite these laundering attempts, on-chain investigator ZachXBT was able to trace wallet connections across both criminal campaigns and publicly identify Redman's involvement.

What high-profile accounts did Cameron Redman hack?

Through the sale of access to an internal X platform panel in June 2022, Cameron Redman enabled the compromise of over 10 high-profile accounts. The identified victims included Beeple, the NFT artist famous for selling Everydays for 69 million USD at Christie's; digital artist DeeKay; NFT community figure Zeneca; Nouns DAO, a prominent on-chain governance and NFT project; and JRNY Club. Once the accounts were under attacker control, they were used to launch phishing scams that stole millions of dollars from followers who trusted posts from the compromised accounts. The access to the X internal panel was sold for 250 ETH on a platform called SWAPD.