Three suspects have been charged with stealing roughly $477 million from FTX on the same day the crypto exchange declared bankruptcy, potentially resolving a lingering mystery in the twisted saga.
Although former FTX CEO Sam Bankman-Fried was convicted of a slew of fraud and related charges in the company’s collapse, he was never charged with involvement in the cyber heist, which the new indictment appears to confirm was an outside job.
The indictment mentions the theft of more than $400 million in crypto assets from ‘Victim Company-1’ on November 11 and 12, 2022, and people familiar with the matter told the Wall Street Journal that it refers to FTX.
Prosecutors say Chicagoan Robert Powell, aka ‘ElSwapo1’, was the ringleader of the hacking gang, and name co-conspirators Carter ‘Punslayer’ Rohn of Indianapolis and Emily Hernandez of Colorado Springs.
‘We’re not aware of any other thefts of this magnitude on these dates,’ Tom Robinson, cofounder of blockchain analytics firm Elliptic, told DailyMail.com. ‘It therefore seems likely that “Victim Company 1” is FTX.’
Three suspects have been charged with stealing roughly $477 million from FTX on the same day the crypto exchange declared bankruptcy. Former FTX CEO Sam Bankman-Fried was convicted of fraud and other charges, but was not involved with the heist.
A spokeswoman for the US Attorney in the District of Columbia, where the case was filed, declined to comment.
Hernandez’s public defender, Kelly Christl, also declined to comment, citing her office’s media policy. Attorneys for Powell, Rohn and FTX did not immediately respond to requests for comment.
The indictment, first tied to FTX by cybersecurity reporter Brian Krebs, describes a sophisticated hacking plot known as ‘SIM Swapping,’ a form of identity theft that involves hijacking a victim’s cell phone number.
The stolen phone numbers are typically used by fraudsters to intercept one-time security codes sent via text message by banks or crypto exchanges.
Prosecutors say that, between March 2021 and April 2023, Powell’s gang pulled off numerous SIM swapping heists targeting customers of AT&T, Verizon, and T-Mobile across the country.
Using stolen personal information, the gang would use an identity card printer to create fake IDs showing the victim’s name, but the photo of a co-conspirator, according to the indictment.
Prosecutors say that the hackers would then present the fake IDs at a mobile service provider store, and convince an employee to port the victim’s phone number to a new device.
Hernandez was recruited specifically to impersonate female victims, according to the indictment.
In the case of Victim Company-1, identified as FTX, the indictment says Powell set the hack in motion on November 11, 2022, ordering his co-conspirators to execute a SIM swap of an employee of the company, who was an AT&T customer.
Prosecutors say Hernandez, using a fake ID, went to a mobile service provider store in Texas and convinced a worker there to load the target’s phone number onto a new device.
Using verification codes intercepted with the stolen number, the gang gained access to the company’s online accounts, and stole more than $400 million by the following day, the indictment alleges.
Internet sleuths posted graphics online showing proof that funds were being siphoned from FTX’s accounts as the company imploded in bankruptcy.
The staggering breach came in the midst of utter chaos as FTX imploded and filed for bankruptcy, after Bankman-Fried siphoned billions of client funds to prop up his hedge fund, buy lavish Bahamas real estate, and splash out on political donations.
However, the theft did not go unnoticed by researchers who were monitoring FTX accounts, and multiple security researchers flagged the apparent theft.
Elliptic’s analysis put the value of the cryptoassets stolen from FTX at $477 million, though other estimates varied, due to the wildly fluctuating value of most crypto tokens at the time of the heist.
The crypto security firm has continued to trace the movement of the stolen funds since the heist, using its analysis of public blockchain ledgers.
The funds went through a series of transfers designed to obscure their origins, using techniques that Elliptic’s Robinson said were associated with Russian hacker gangs.
‘We previously indicated that the laundering suggested a nexus with Russia,’ Robinson told DailyMail.com. ‘It’s not clear whether these three individuals actually stole the crypto from FTX, or just facilitated the initial access.’
In other words, the three accused American hackers may have simply obtained the login to the victim accounts, and sold that information to foreign hackers who perpetrated the breach.
Such collaborations appear to be increasingly common, with gangs based in the US or UK using their native English skills to perpetrate elaborate social engineering ruses to steal login credentials.
They then sell those credentials to foreign hackers, often associated with Russia, who have the technical skills to pull off major heists.
Elliptic in a blog post said it was unclear whether any of the stolen crypto assets remained under the control of the indicted trio, which might allow them to be recovered.
Court records indicated that Powell, Rohn and Hernandez were being held in federal custody in their respective home states, pending extradition to Washington DC for arraignment.