DOJ charges hackers behind $400 million SIM-swap attack on FTX

Federal prosecutors say that the group operated as a SIM-swapping ring, targeting FTX and other victims over two years.

The US Department of Justice (DOJ) has charged three individuals for allegedly carrying out the SIM-swap attack on the FTX exchange in November 2022, a heist that took place hours after the exchange filed for bankruptcy.

The DOJ’s indictment names Robert Powell, Emily Hernandez, and Carter Rohn as the alleged main perpetrators behind the hack, which drained over $400 million from the defunct exchange.

Federal prosecutors say that the group operated as a SIM-swapping ring, targeting FTX and other victims over two years. Powell, Hernandez, and Rohn were indicted on charges of wire fraud and aggravated identity theft.

A SIM-swap attack is a type of account takeover fraud. Hackers trick mobile phone carriers into transferring or “swapping” a victim’s phone number onto a SIM card that the attackers control.

Once they control the victim’s phone number, the hackers can intercept two-factor authentication codes sent via SMS to access online accounts. By bypassing SMS-based two-factor authentication, the attackers can drain money from bank accounts, crypto wallets, and other digital accounts or wallets that may store digital assets or valuable financial information.

According to court filings, the group collected personal information on around 50 victims and used it to activate SIM cards linked to the victims’ phone numbers.

Though FTX is not directly named, two sources confirmed in an earlier Bloomberg report that it was the “victim company-1” referred to in the indictment. The filings state that around November 11th, 2022, Hernandez used a fake ID to convince AT&T to transfer an FTX employee’s phone number to a SIM card possessed by the hackers. Powell — known by his online handles “R$” and “ElSwapo1” — allegedly used the obtained authentication codes to drain cryptocurrency from FTX’s digital wallets.

The attack appears to have exploited FTX’s weak security, which the company’s new CEO highlighted after taking over in the wake of its collapse. SIM-swapping has become an increasingly common hacking vector against crypto firms and public figures in the sector.

The downfall of FTX, once a darling of the crypto industry valued at $32 billion, has rocked the digital asset sector. Its founder, Sam Bankman-Fried, faces decades in prison after being convicted on fraud charges last year. Bankman-Fried denied involvement in the hack, speculating it could have been an inside job — a theory now dismissed by authorities.
