A SIM-Swapping attack behind the mega FTX heist


A SIM-swapping attack is believed to be behind the incredible FTX heist of November 2022, according to US justice authorities, who have just revealed criminal proceedings against three Americans suspected of being behind this heist worth more than 400 million dollars.

The enormous loot was siphoned off just after the crypto-asset exchange platform, then one of the largest in the world, had been declared bankrupt.

FTX is not named by US justice authorities. But everything points to it in the mention of a crypto-asset exchange platform that fell victim to a theft of more than 400 million dollars around November 11, 2022. After this hack, the controversial CEO of FTX, Sam Bankman-Fried, had at one point been suspected.

The Russian money laundering trail

Likewise, the blockchain analysis company Elliptic, which had estimated the theft at exactly the equivalent of $477 million, had raised the question of a possible Russian lead.

It reported last October that part of the stolen funds had been laundered in connection with criminal groups involved in ransomware, while noting that the theft could also be the work of a person inside the company or of an external group, in particular because of the company's security failures.

In hindsight, the second hypothesis seems to be the correct one. According to US justice authorities, two men and a woman, living in Chicago, Indianapolis and Colorado Springs, were in reality behind this theft, carried out after a SIM-swapping maneuver, a way of taking over the SIM card assigned to a subscriber by an operator.

Thefts starting at $15,000

After falsifying identity documents, this group, named in the indictment as the "Powell SIM Swapping Crew" after the person considered to be its leader, allegedly went to Apple or telephone operator stores in ten states.

This would have allowed them to take control of telephone lines and therefore gain access to their victims' online accounts or data. In addition to the theft from FTX, these SIM swaps allegedly resulted in thefts ranging from the equivalent of 15,000 to a million dollars.

US justice authorities do not detail how, after taking over a single line, the hackers were able to siphon funds from FTX. But the indictment suggests that at least one employee at the company had particularly broad access rights to private keys, a significant security flaw.

Wired reported how FTX staff struggled in November 2022 to prevent the thieves from leaving with more than a billion dollars in crypto. In a remarkable move, they transferred the equivalent of half a billion dollars to a cold wallet on a USB key to keep it out of the hackers' reach.



