A nearly year-long mystery about who hacked crypto exchange FTX and stole $400 million in crypto from the company’s accounts has finally been solved.
Last week, the Department of Justice charged three people – Robert Powell, Carter Rohn, and Emily Hernandez – with running an elaborate SIM-swapping identity theft ring that targeted FTX and dozens of other victims.
TLDR
- Three people (Robert Powell, Carter Rohn, Emily Hernandez) were indicted for a SIM-swapping identity theft conspiracy that included stealing $400 million from crypto exchange FTX as it collapsed in November 2022.
- The trio allegedly used fake IDs and impersonated victims to access their phone accounts and defeat multifactor authentication, allowing them to steal money and crypto from dozens of victims over nearly 2 years.
- They targeted an employee of FTX on the same day the company filed for bankruptcy and drained $400 million from FTX’s crypto wallets into their own accounts.
- The method involved tricking AT&T into performing a SIM swap, which gave them access to the employee’s account and the authentication codes needed to access FTX’s accounts.
- The arrests come after blockchain intelligence company Elliptic had reported in October that some of the stolen FTX funds were being laundered through Russian-linked money launderers.
The trio allegedly spent nearly two years impersonating victims using fake IDs to gain access to their phone and financial accounts. Once they defeated multifactor authentication, they drained money, crypto, and other data from accounts.
But their biggest single heist targeted FTX on the same day in November 2022 that the major crypto exchange started collapsing. Powell instructed the other two defendants to perform a SIM swap against an FTX employee’s AT&T cellular account. This allowed them to intercept authentication codes needed to access FTX’s crypto wallets.
Over the next day, the conspirators swiftly transferred over $400 million in crypto into accounts they controlled before FTX could even realize funds were missing. The speed and precision of the hack as FTX dissolved led many to speculate it could have been an inside job.
U.S. authorities have charged three in apparent connection to the $400 million FTX theft, unveiling a sophisticated SIM swapping scheme. https://t.co/Nl6IjN7pNR
— CoinDesk (@CoinDesk) February 4, 2024
But these arrests make clear it was the work of an outside hacking ring that had spent months perfecting techniques to defeat phone-based authentication systems. The crime exploited a vulnerability many individuals and companies still fail to recognize – that a phone account hijack often means widespread account breaches.
It also shows that the conspirators had been gearing up for bigger and bigger scores. In the weeks before the FTX attack, they stole nearly $300,000 in crypto from one victim and over $1 million from another. The day after cleaning out FTX’s accounts, they stole another $590,000 from an individual.
The methods and timeline traced back to Powell, Rohn and Hernandez answer the central mystery around the FTX crypto theft. But questions still remain about where the stolen funds have ended up in the months since.
Blockchain tracking company Elliptic reported in October that $300 million of the stolen Ether was converted to Bitcoin and laundered through Russian-linked money launderers and criminal operations.
If true, the FTX theft could end up funding dangerous world actors and operations. For cybersecurity experts and crypto watchers, the arrests closed one chapter in the FTX saga but opened another, perhaps even more disturbing, one. Expect more revelations to come in 2024.