On 18 January 2024, an indictment against three U.S. nationals—Robert Powell, Carter Rohn, and Emily Hernandez—shed light on a sophisticated cybercriminal operation. These individuals, accused of orchestrating a SIM Swap attack that led to the theft of $400 million in virtual currency from FTX, are believed to have been mere instruments in a broader scheme potentially orchestrated by Russian cybercrime groups.
The trio, referred to as the “Powell SIM Swapping Crew” in legal documents, allegedly exploited SIM swapping tactics. This method involves deceiving telecommunication companies into transferring a victim’s mobile phone registration to a SIM card controlled by the attackers, thereby granting them access to critical authentication codes. This breach occurred coincidently with the tumultuous bankruptcy filing of the Bahamas-based cryptocurrency exchange FTX on November 11, 2022, and the subsequent arrest of its CEO, Sam Bankman-Fried, on charges of embezzling billions from customer funds.
On the night FTX announced its bankruptcy, crypto assets worth hundreds of millions vanished from the exchange, a heist that remained largely unattributed until now. The timing of the theft, meticulously executed at 9:22 pm on November 11, aligns perfectly with the indictment details, strongly suggesting that the victim company, referred to only as “Victim Company-1,” is indeed FTX.
Further intrigue is added by a report from Elliptic, a blockchain analysis firm, which identified the laundering of the stolen FTX funds through exchanges connected to Russian criminal entities. This revelation hints at a sophisticated international money laundering network, potentially under Russian auspices, raising questions about the true masterminds behind the theft.
Despite the charges against the U.S. nationals, emerging evidence suggests a more complex web of cybercrime with potential links to Russia. The utilization of mixing services like ChipMixer and Sinbad, known to be favored by Russian cybercriminals and sanctioned by the US Treasury Department, underscores the potential involvement of Russian entities in laundering the stolen funds.
As the case unfolds, the hypothesis that Russian cybercrime organizations orchestrated this elaborate theft, utilizing the indicted U.S. citizens as pawns in their scheme, gains credence. This development challenges the narrative surrounding the FTX collapse and highlights the intricate and global nature of cybercrime in the crypto landscape. The unfolding investigation may reveal further connections to international cybercriminal networks, potentially offering a pathway to recovering some of the stolen assets and providing restitution to FTX‘s creditors.
