Amid all the drama surrounding the fall of FTX, the story of a major hack during the doomed exchange’s final hours in November of 2022 was nearly forgotten. Now, though, an FBI affidavit and cybersecurity experts reveal that it was not an inside job, as was suspected at the time, but that hackers who specialize in hijacking cell phones were responsible for stealing over $400 million. Meanwhile, evidence suggests the U.S.-based phone hackers had ties to Russian crypto thieves, and that the criminals pulled it off by targeting the account of one of the handful of top female executives at FTX.
The first big clue to who pulled off the FTX hack came on Jan. 30 when Ars Technica got its hands on a document laying out charges against three U.S. individuals who had engaged in SIM-swapping to pull off a series of crypto heists worth hundreds of millions of dollars. The document includes a list of victims who are all individuals except for “Victim Company 1,” which lost over $400 million.
It wasn’t long before security researchers, including Brian Krebs, noticed the Nov. 11 date and the enormous figure cited in the affidavit, and concluded it could only point to FTX as the hacking victim. As for how it happened, one member of the U.S.-based SIM-swapping gang, Emily Hernandez, walked into a Texas AT&T store and used a fake ID—one showing her picture but the name of an FTX employee—to take over the employee’s phone account. This allowed the gang to intercept the security codes sent by phone or text to confirm access to FTX wallets, which the hackers then proceeded to rob.
This answers most of the big questions surrounding the FTX hack, but a few mysteries remain. One is the identity of the FTX employee who got hacked—and who should have been more vigilant about protecting the company’s crypto wallets (SIM-swapping is a common peril in the crypto industry, which is why companies use additional security measures). According to the FBI, the SIM-swapping gang brought in Hernandez because they needed someone to impersonate female targets. And at FTX, the only female members of the company’s inner circle were CFO Jen Chan, COO Constance Wang, and Sam Bankman-Fried’s sometime-girlfriend, Caroline Ellison. It is very likely one of these three was the target.
The other unresolved question in the hack is who was pulling the strings of the SIM-swapping gang. The small crew, run by a 26-year-old Chicago man, is unlikely to have had the skill and sophistication to pull off a series of multimillion-dollar crypto attacks and move the money offshore. Security researchers at Elliptic say the money appears to have been laundered with the help of Russian criminal gangs, suggesting the mastermind behind the FTX caper was likely from that part of the world.
It is also notable that the Justice Department has stayed quiet instead of boasting about nabbing the criminals who pulled off the FTX hack. Instead, they buried the news deep in the indictment discovered by Ars Technica, and have also kept the case under seal. This suggests they may be trying to build a bigger case that points to people ultimately responsible for the hack. We will know soon enough—never a dull moment in the world of crypto.
Jeff John Roberts
This story was originally featured on Fortune.com