FTX’s $400M hack linked to SIM swap attack, feds charge 3

The $400 million hack on FTX has been linked to a trio charged by the U.S. for carrying out dozens of SIM swap attacks.

Three individuals charged by United States prosecutors for orchestrating a series of SIM swap attacks have been linked to the $400 million hack of FTX in 2022 that occurred just hours after it filed for bankruptcy.

In a Jan. 24 filing in a Washington, D.C. District Court, U.S. federal prosecutors charged Robert Powell, Carter Rohn and Emily Hernandez with carrying out SIM swap attacks by stealing the identities of 50 victims and convincing telecom providers to port the victims’ numbers to the trio’s phones.

Extracts from the filing detailing the reported alleged attack against FTX. Source: CourtListener

A part of the filing details an attack on “Victim Company-1” — where on Nov. 11 and 12, 2022, Hernandez allegedly impersonated an employee at the company and Powell then gained access to their AT&T account, accessed company accounts and “transferred over $400 million in virtual currency” out of the crypto wallets.

A Feb. 1 blog post from blockchain security firm Elliptic said it “appears likely that FTX is the ‘Victim Company-1’ named in the indictment” as FTX’s crypto wallets had multiple unauthorized transactions totaling around $400 million in the hours after it filed for bankruptcy on Nov. 11, 2022.

A Feb. 1 Bloomberg report cited two people familiar with the case, who confirmed the company referred to in the indictment is FTX.

Some of the funds were sent to the crypto exchange Kraken shortly after the hack. Its chief security officer Nick Percoco posted to X at the time that it was aware of the user’s identity.

For months after, the exploiter wallets moved the funds through different bridges and blockchains to try to launder the pilfered crypto.

SIM swapping allows attackers to intercept multi-factor authentication codes often used for logins. Multiple high-profile crypto figures and projects were successfully targeted in a spate of attacks in December.

The X account of the U.S. Securities and Exchange Commission was also targeted in a SIM swap attack, the agency confirmed, after exploiters falsely posted from its account that spot Bitcoin (BTC) exchange-traded funds had been approved.

FTX CEO and restructuring chief John J. Ray III claimed the exchange’s poor security and lack of proper systems were “pure hell” to wrangle with when he took over post-bankruptcy, likely making it a good target for the alleged SIM-swapping trio.

Powell, Rohn and Hernandez have been charged with wire fraud conspiracy and identity theft.
