FTX’s $400M hack
FTX’s $400M hack linked to SIM-swap attack, feds charge 3
Crypto exchange FTX was hacked for over $400 million just hours after filing for bankruptcy in 2022. Many initially believed it was an inside job.
Three individuals charged by United States prosecutors for orchestrating a series of SIM-swap attacks have been linked to the $400 million hack of FTX in 2022 that occurred just hours after it filed for bankruptcy.
In a Jan. 24 filing in a Washington, D.C. district court, U.S. federal prosecutors charged Robert Powell, Carter Rohn and Emily Hernandez with carrying out SIM-swap attacks by stealing the identities of 50 victims and convincing telecom providers to port victim’s numbers to the trio’s phones.
Extracts from the filing detailing the reported alleged attack against FTX. Source: CourtListener
A part of the filing details an attack on “Victim Company-1” where on Nov. 11 and 12, 2022, Hernandez allegedly impersonated an employee at the company, and Powell then gained access to their AT&T account, accessed company accounts and “transferred over $400 million in virtual currency” out of the crypto wallets.
A Feb. 1 blog post from blockchain security firm Elliptic said it “appears likely that FTX is the ‘Victim Company-1’ named in the indictment” as FTX’s crypto wallets had multiple unauthorized transactions totaling around $400 million in the hours after it filed for bankruptcy on Nov. 11, 2022.
A Feb. 1 Bloomberg report cited two people familiar with the case, who confirmed the company referred to in the indictment is FTX.
Some of the funds were sent to the crypto exchange Kraken shortly after the hack. Its chief security officer Nick Percoco posted to X at the time that it was aware of the user’s identity.
For months after, the exploiter wallets moved the funds through different bridges and blockchains to try to launder the stolen crypto.
SIM swapping allows attackers to intercept multifactor authentication codes often used for logins. Multiple high-profile crypto figures and projects were successfully targeted in a spate of attacks in December 2023.
The X account of the U.S. Securities and Exchange Commission was also targeted in a SIM-swap attack, the agency confirmed, after exploiters falsely posted from its account that spot
exchange-traded funds had been approved.FTX CEO and restructuring chief John J. Ray III claimed the exchange’s poor security and lack of proper systems was “pure hell” to wrangle with when he took over post-bankruptcy — likely making it a good target for the alleged SIM-swapping trio.
Powell, Rohn and Hernandez have been charged with wire fraud conspiracy and identity theft.