DOJ shares the latest update on the November 2022 attack that cost FTX $400 million. The United States Department of Justice (DOJ) announced charges against three individuals involved in a sophisticated SIM-swapping attack. The charges state that the group stole more than $400 million from the accounts of an unnamed company believed to be FTX.
Robert Powell led a group called the “Powell SIM Swap Team”. Authorities reported that he carried out fake SIM swap attacks from March 2021 to April 2023. Robert Powell allegedly worked with Emily Hernandez of Colorado to illegally access victims’ devices.
They used the personal data of around 50 victims to convince them to port their phone numbers to a fake phone they had. This included multi-factor authentication codes that allowed them to break into the victims’ financial accounts and crypto wallets.
In the November 2022 FTX attack, Hernandez allegedly impersonated a Victim Company-1 employee at a mobile service store in Texas. This action facilitated Powell’s unauthorized access to the company’s AT&T account. The breach allowed them to access the company’s crypto wallets and illegally transfer virtual currency.
The attack came at a critical time for FTX, which began losing crypto assets in its wallets as the company teetered on the brink of bankruptcy. Blockchain analytics firm Elliptic estimated the damage at $477 million. This figure, which is incomparable to any other crypto theft at the time, strongly suggests that FTX was the company referred to as “Victim Company-1” in the indictment.
