Three people arrested in $400 million FTX crypto hack



    Three people were indicted for an identity theft conspiracy that allegedly included the $400 million hack from FTX on the same day in November 2022 that the doomed cryptocurrency exchange filed for bankruptcy protection, court records show.

    Robert Powell, the 26-year-old alleged ringleader of the SIM-card swapping group that drained that crypto out of FTX’s virtual wallets, was ordered released on a $10,000 bond after a detention hearing Friday in Chicago federal court. Powell’s attorney Gal Pissetzky declined to comment.

    The Illinois resident and the other two defendants, Carter Rohn, 24, and 23-year-old Emily Hernandez, are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in more than 15 states.

    All three were arrested last week in their respective states.

    The indictment issued in U.S. District Court in Washington, D.C., says the trio shared the personal identifying information of more than 50 victims, created fake identification documents in the victims’ names, impersonated them and then accessed their victims’ “online, financial and social media accounts for the purpose of stealing money and data.”

    The scheme relied on duping phone companies into swapping the Subscriber Identity Module of cell phone subscribers into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims’ accounts, giving them access to the money in those accounts.

    Rohn, an Indianapolis resident, was ordered held without bond after his arrest. His detention hearing will be held later in Washington.

    Hernandez, who lives in Fountain, Colorado, was released last week on a $10,000 bond.

    A spokeswoman for the U.S. Attorney’s Office in Washington, which is prosecuting the case, declined to comment.

    The indictment does not identify FTX by name as the main victim of the conspiracy, but the details of the hack described in that charging document align with the details publicly known about the theft from FTX, which was collapsing at the time of the attack.

    A source familiar with the case confirmed that FTX was the victim mentioned in the indictment.

    Former FTX Chief Sam Bankman-Fried was convicted in November 2023 of conspiracy and wire fraud charges related to stealing $10 billion or more from customers. He is awaiting sentencing in Manhattan federal court next month.

    The new indictment related to the hack says that on Nov. 11, 2022, on the same day that FTX filed for bankruptcy protection, “Powell instructed his co-conspirators to execute a SIM swap of the cellular telephone account of an employee of Victim Company-1,” or FTX.

    Later that same day, an unidentified co-conspirator sent Hernandez a fraudulent identification document containing personally identifiable information about an FTX employee, “but bearing Hernandez’s photograph, which Hernandez then used to impersonate that person at a mobile service provider in Texas,” the indictment alleges.

    After gaining access to the AT&T account of the FTX employee, co-conspirators sent Powell authentication codes that were needed to access the crypto company’s online accounts, the indictment says.

    Later on Nov. 11 and continuing into the next day, “co-conspirators transferred over $400 million in virtual currency from [FTX’s] virtual currency walls to virtual currency wallets controlled by the co-conspirators.

    The indictment says that several weeks before the FTX hack, the scheme looted $293,000 in virtual currency from one victim, and days later, stole more than $1 million in crypto from another person.

    A day after the FTX hack, the conspirators stole about $590,000 in crypto from an individual’s virtual wallet.

    The arrests came three months after the blockchain intelligence company Elliptic reported that 180,000 units of the cryptocurrency Ether had been dormant after being stolen in the FTX hack, but then was converted into Bitcoin in late September. The Ether by that point was worth $300 million.

    Elliptic reported that the method of laundering the stolen crypto in an effort to hide its origin that a Russia-linked actor was behind the hack of FTX.

    “Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges,” Elliptic said in a report in October. “This points to the involvement of a broker or other intermediary with a nexus in Russia.”

    Don’t miss these stories from CNBC PRO:

    Source link