Three individuals charged in a $400 million FTX cryptocurrency hacking scheme

On the same day in November 2022 that the failed digital currency exchange filed for protection from bankruptcy, three individuals were charged with conspiring to commit identity theft, which reportedly included the $400 million theft from FTX, according to court documents.

Following a detention hearing in Chicago federal court on Friday, Robert Powell, the 26-year-old suspected head of the SIM-card swapping organization that took the cryptocurrency out of FTX’s virtual wallets, was ordered freed on a $10,000 bail. Gal Pissetzky, Powell’s lawyer, declined to comment.

The resident of Illinois, along with the other two defendants, Carter Rohn, 24, and Emily Hernandez, 23, are accused of conspiring to commit wire fraud as well as conspiracy to commit annoyed identity theft and access device fraud. The scheme involved the co-conspirators traveling to retail stores for cell phones across more than 15 states and ran from March 2021 to April of last year.

In their separate states, all three were taken into custody last week.

The trio allegedly shared over 50 victims’ personal identifying information, made false identification documents in their names, impersonated the victims, and then gained access to their victims’ “online, financial, and social media accounts to steal money and data,” according to the indictment filed in U.S. District Court in Washington, D.C.

According to the indictment, the plan depended on tricking phone providers into exchanging customers’ Subscriber Identity Modules for a smartphone that was under the control of conspiracy participants. The conspirators were then able to access the money in the victims’ accounts by circumventing the multifactor authentication safeguard on those accounts.

Following his arrest, Rohn, an Indianapolis resident, was mandated to be detained without bail. There will be a hearing in Washington later on his detention.

Hernandez, a Fountain, Colorado resident, was freed last week after posting a $10,000 bail.

The case is being prosecuted by the U.S. Attorney’s Office in Washington, and a representative for the office declined to comment.

Although FTX is not specifically mentioned in the indictment as the primary victim of the conspiracy, the circumstances of the hack as reported in that charging document are consistent with the information that is known to the public regarding the theft from FTX, which was collapsing at the time of the attack.

The identity of FTX as the victim listed in the indictment was verified by a person with knowledge of the matter.

Sam Bankman-Fried, the former chief of FTX, was found guilty in November 2023 of conspiring to steal $10 billion or more from clients through wire fraud and conspiracy. Next month, a federal court in Manhattan will hear his punishment.

According to the latest accusation about the breach, Powell gave his accomplices instructions to “execute a SIM swap of the cellular telephone account of an employee of Victim Company-1,” or FTX, on November 11, 2022, the day FTX filed for bankruptcy protection.

The indictment claims that later that day, Hernandez received a forged identity document from an unidentified co-conspirator that included private data about an FTX employee “but bearing Hernandez’s image, which Hernandez then used to imitate that person at a cellphone company in Texas.”

According to the indictment, co-conspirators emailed Powell the authentication codes required to access the internet accounts of the cryptocurrency firm once they had access to the FTX employee’s AT&T account.

Co-conspirators “transferred over $400 million in virtual currency from [FTX’s] virtual currency barriers to virtual currency accounts controlled by the co-conspirators” later on November 11 and into the following day.

According to the indictment, the plan took $293,000 in virtual currency from one victim a few weeks before the FTX attack, and a few days later, it stole more than $1 million in cryptocurrency from another victim.

The conspirators took over $590,000 in cryptocurrency from a person’s virtual wallet one day after the FTX breach.

The arrests occurred three months after Elliptic, a blockchain intelligence startup, revealed that 180,000 Ether units had been taken in the FTX breach and had lain dormant until being converted to Bitcoin in late September. At that moment, the Ether had a $300 million value.

Elliptic said that the process of laundering the pilfered cryptocurrency to conceal its source indicated that an individual with ties to Russia was responsible for the FTX attack.

According to research published in October by Elliptic, “of the stolen assets that can be traced through ChipMixer, significant sums are combined with funds from Russia-linked illicit organizations, including ransomware cartels and darknet markets, before being sent to exchanges.” “This suggests that a dealer or other middleman with ties to Russia may have been involved.”