In a significant move to combat cybercrime, the United States Department of Justice (DOJ) has filed charges against Robert Powell, Carter Rohn, and Emily Hernandez for their alleged involvement in a SIM-swapping scheme that unfolded in November 2022.
The charges include fraud and identity theft, signaling a firm stance against illicit activities in the digital realm.
The accused individuals are suspected of orchestrating a series of SIM-swap attacks, a sophisticated method aimed at fraudulently gaining access to individuals’ online accounts. This tactic involves tricking mobile carriers into transferring victims’ phone numbers to SIM cards controlled by the attackers, thereby granting unauthorized access to personal information and compromising two-factor authentication codes used for enhanced login security.
According to the indictment, Powell, Rohn, and Hernandez obtained personal data from approximately 50 individuals and manipulated service providers into transferring victims’ details to their own devices. With access to authentication codes for financial accounts and cryptocurrency wallets, the trio allegedly executed unauthorized transactions and unlawfully transferred over $400 million in digital assets.
Of particular concern is Hernandez’s alleged use of a fake ID belonging to an FTX employee to impersonate them at AT&T, thereby gaining access to their account and obtaining verification codes for accessing FTX’s crypto wallets.
Blockchain security firm Elliptic has suggested a strong likelihood of FTX being the “Victim Company-1” mentioned in the indictment, pointing to multiple unauthorized transactions totaling around $400 million shortly after the exchange filed for bankruptcy in November 2022.
This development underscores a concerning trend of SIM-swap attacks targeting entities within the cryptocurrency space. Threat actors exploit compromised accounts to launch phishing campaigns, heightening the vulnerability of digital assets and online security.
ZachXBT, a blockchain investigator, expressed concern over the persistence of SIM-swapping and phishing incidents, emphasizing the ongoing threat to individuals and organizations, with millions of dollars at stake.
The recent SIM-swap incident involving the U.S. Securities and Exchange Commission (SEC) further highlights the pervasive nature of cyber threats, emphasizing the need for robust security measures to safeguard against unauthorized access and fraudulent activities in the digital domain.
As the DOJ continues its pursuit of justice in this case, it underscores the importance of vigilance and proactive measures to mitigate the risks associated with cybercrime, particularly within the growing cryptocurrency ecosystem.