In November of 2022, Crypto exchange FTX was hacked for over $400M, just a few hours after filing for its’ bankruptcy. Although initially thought to be an inside job, it was later discovered that FTX fell victim to a series of SIM swap attacks according to a recent filing.
In a SIM swap attack, the perpetrator obtains access to the phone number of a person, often through social engineering or other means to convince cellphone carrier employees or contractors to give them access to the number. The perpetrator then uses two-factor authentication set up through text messaging to get access to accounts.
The government alleged that three individuals carried out SIM swap attacks by stealing the identities of 50 victims and convincing telephone companies to redirect the victim’s numbers to the trio’s phones.
According to the filing, on Nov. 11 and 12, 2022, Hernandez allegedly impersonated an employee at a company, giving Powell access to their AT&T account, company accounts and finally, transferring “over $400 million in virtual currency” out of the crypto wallets. Although not stated to be FTX, it’s almost certain that it is since FTX’s crypto wallets had multiple unauthorized transactions totaling around $400 million. According to a Feb 1. Bloomberg report, two people familiar with the case also confirmed the company referred in the filing to be FTX.
But FTX isn’t the only company who fell victim to these attacks. Several high-profile crypto figures and projects were hit in a series of SIM swap attacks in December 2023 – one of them being the U.S. Securities and Exchange Commission.
The S.E.C. confirmed they had their X (formerly known as Twitter) account hacked, after exploiters falsely posted from its account that Bitcoin exchange-traded funds had been approved.
This series of events shows the increased sophistication involved in SIM swap attacks, which often result in the loss of assets from a cryptocurrency exchange. If you have questions about SIM swap attacks, contact Michael Haeberle at mhaeberle@pattersonlawfirm.com.