Three people have been charged with orchestrating a $400 million hack that is reportedly tied to failed cryptocurrency exchange FTX. A grand jury charged them, ArsTechnica reported, with two counts of conspiracy to commit wire fraud and aggravated identity theft and access device fraud stemming from nearly two years of SIM swapping crimes.
According to prosecutors, Americans Robert Powell, Carter Rohn, and Emily Hernandez carried out SIM swap attacks between March 2021 and April 2023.
The court document cited by ArsTechnica, however, does not mention FTX or its founder Sam Bankman-Fried, by name. Instead, it used the moniker Victim Company-1. A subsequent Bloomberg report today cites unnamed sources confirming that Victim Company-1 is indeed FTX.
“Around Nov. 11, 2022, Hernandez used a fake ID with an FTX employee’s details to convince AT&T to transfer the mobile phone account to another SIM card,” Bloomberg said. “The alleged ringleader of the group, Powell—who uses online monikers ‘R$’ and ElSwapo1—then used various authentication codes to access FTX’s crypto wallets.”
Several targets are listed in the indictment, but one entry, in particular, had many speculating that it may be the hack that targeted FTX on the same day the company filed for Chapter 11 bankruptcy in late 2022.
“On or about November 11, 2022, and continuing into November 12, 2022, co-conspirators transferred over $400 million in virtual currency from Victim Company-1’s virtual currency wallets to virtual currency wallets controlled by the co-conspirators,” prosecutors said.
“Investigating abnormalities with wallet movements related to consolidation of FTX balances across exchanges,” FTX US general counsel Ryne Miller said at the time in a now-deleted tweet.
Over the 24 hours, over $650 million was stolen, according to blockchain detective ZachXBT.
Sim jacking or SIM swapping is a type of cyberattack that involves taking over someone’s phone number by talking carrier customer support workers into transferring it to a different SIM card. Hackers can then use the reassigned SIMs to bypass two-factor authentication and access the victim’s online accounts, such as bank accounts, social media accounts, and email accounts.
Edited by Ryan Ozawa.