Three people were indicted for an identity theft conspiracy that allegedly included the $400 million hack from FTX on the identical day in November 2022 that the doomed cryptocurrency exchange filed for bankruptcy protection, court records show.
Robert Powell, the 26-year-old alleged ringleader of the SIM-card swapping group that drained that crypto out of FTX’s virtual wallets, was ordered released on a $10,000 bond after a detention hearing Friday in Chicago federal court. Powell’s attorney Gal Pissetzky declined to comment.
The Illinois resident and the opposite two defendants, Carter Rohn, 24, and 23-year-old Emily Hernandez, are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in greater than 15 states.
All three were arrested last week of their respective states.
The indictment issued in U.S. District Court in Washington, D.C., says the trio shared the non-public identifying information of greater than 50 victims, created fake identification documents within the victims’ names, impersonated them after which accessed their victims’ “online, financial and social media accounts for the aim of stealing money and data.”
The scheme relied on duping phone firms into swapping the Subscriber Identity Module of cellphone subscribers right into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims’ accounts, giving them access to the cash in those accounts.
Rohn, an Indianapolis resident, was ordered held without bond after his arrest. His detention hearing will probably be held later in Washington.
Hernandez, who lives in Fountain, Colorado, was released last week on a $10,000 bond.
A spokeswoman for the U.S. Attorney’s Office in Washington, which is prosecuting the case, declined to comment.
The indictment doesn’t discover FTX by name because the primary victim of the conspiracy, but the small print of the hack described in that charging document align with the small print publicly known concerning the theft from FTX, which was collapsing on the time of the attack.
A source aware of the case confirmed that FTX was the victim mentioned within the indictment.
Former FTX Chief Sam Bankman-Fried was convicted in November 2023 of conspiracy and wire fraud charges related to stealing $10 billion or more from customers. He’s awaiting sentencing in Manhattan federal court next month.
The brand new indictment related to the hack says that on Nov. 11, 2022, on the identical day that FTX filed for bankruptcy protection, “Powell instructed his co-conspirators to execute a SIM swap of the cellular telephone account of an worker of Victim Company-1,” or FTX.
Later that very same day, an unidentified co-conspirator sent Hernandez a fraudulent identification document containing personally identifiable details about an FTX worker, “but bearing Hernandez’s photograph, which Hernandez then used to impersonate that person at a mobile service provider in Texas,” the indictment alleges.
After getting access to the AT&T account of the FTX worker, co-conspirators sent Powell authentication codes that were needed to access the crypto company’s online accounts, the indictment says.
Afterward Nov. 11 and continuing into the following day, “co-conspirators transferred over $400 million in virtual currency from [FTX’s] virtual currency partitions to virtual currency wallets controlled by the co-conspirators.
The indictment says that several weeks before the FTX hack, the scheme looted $293,000 in virtual currency from one victim, and days later, stole greater than $1 million in crypto from one other person.
A day after the FTX hack, the conspirators stole about $590,000 in crypto from a person’s virtual wallet.
The arrests got here three months after the blockchain intelligence company Elliptic reported that 180,000 units of the cryptocurrency Ether had been dormant after being stolen within the FTX hack, but then was converted into Bitcoin in late September. The Ether by that time was value $300 million.
Elliptic reported that the tactic of laundering the stolen crypto in an effort to cover its origin that a Russia-linked actor was behind the hack of FTX.
“Of the stolen assets that could be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges,” Elliptic said in a report in October. “This points to the involvement of a broker or other intermediary with a nexus in Russia.”
Don’t miss these stories from CNBC PRO: