Two Missouri men were arrested Monday on suspicion of committing a SIM swap attack which allowed them to steal $14 million in cryptocurrency from a California firm.

In a SIM swap attack, threat actors transfer the victim’s phone account to their own device in order to gain access to sensitive information accessible by the account.

Fletcher Robert Childers, 23, and Joseph Harris, 21, were arrested in Oklahoma City on suspicion of gaining unauthorized access to a cryptowallet owned by San Jose-based firm Crowd Machine to steal $14 million worth of the firm’s Crowd Machine Compute Tokens (CMCTs), according to Oklahoma News 4 .

The breach was reported on Sept. 22 after the victim’s cellphone account was transferred to another device located near the hotel where the men were arrested and authorities said the phone was purchased at a nearby WalMart where surveillance video showed two white males visiting the store, one of which purchased a phone on Sept. 18.  

The two allegedly taunted the victims after the theft was carried out and Crowd Machine said most exchanges temporarily suspended trading of the currency. Crowd Machine also recommended no one purchase tokens until after the investigation noting that stolen tokens involved in the theft wouldn’t be honored.