CyberSecurityBoard
Sponsor Register Login

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack.
The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.
A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.
The indictment says the $400 million was stolen over several hours between November 11 and 12, 2022.
Tom Robinson, co-founder of the blockchain intelligence firm Elliptic, said the attackers in the FTX heist began to drain FTX wallets on the evening of Nov. 11, 2022 local time, and continuing until the 12th of November.
Robinson said Elliptic is not aware of any other crypto heists of that magnitude occurring on that date.
Either way, it's certainly over $400 million, and we are not aware of any other thefts from crypto exchanges on this scale, on this date.
The SIM-swappers allegedly responsible for the $400 million crypto theft are all U.S. residents.
There are some indications they had help from organized cybercriminals based in Russia.
In October 2023, Elliptic released a report that found the money stolen from FTX had been laundered through exchanges with ties to criminal groups based in Russia.
Nick Bax, director of analytics at the cryptocurrency wallet recovery firm Unciphered, said the flow of stolen FTX funds looks more like what his team has seen from groups based in Eastern Europe and Russian than anything they've witnessed from US-based SIM-swappers.
CISA's alert on Scattered Spider says they are a cybercriminal group that targets large companies and their contracted information technology help desks.
Nick Bax, posting on Twitter/X in Nov 2022 about his research on the $400 million FTX heist.
Earlier this week, KrebsOnSecurity published a story noting that a Florida man recently charged with being part of a SIM-swapping conspiracy is thought to be a key member of Scattered Spider, a hacking group also known as 0ktapus.
That group has been blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
Financial claims involving FTX's bankruptcy proceedings are being handled by the financial and risk consulting giant Kroll.
In August 2023, Kroll suffered its own breach after a Kroll employee was SIM-swapped.
According to Kroll, the thieves stole user information for multiple cryptocurrency platforms that rely on Kroll services to handle bankruptcy proceedings.
KrebsOnSecurity sought comment for this story from Kroll, the FBI, the prosecuting attorneys, and Sullivan & Cromwell, the law firm handling the FTX bankruptcy.
Attorneys for Mr. Powell said they do not know who Victim 1 is in the indictment, as the government hasn't shared that information yet.


This Cyber News was published on krebsonsecurity.com. Publication date: Thu, 01 Feb 2024 18:45:19 +0000


Cyber News related to Arrests in $400M SIM-Swap Tied to Heist at FTX?

Arrests in $400M SIM-Swap Tied to Heist at FTX? - Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct ...
10 months ago Krebsonsecurity.com
The Mystery of the $400 Million FTX Heist May Have Been Solved - When more than $400 million worth of crypto was mysteriously pulled out of the coffers of what was once the world's biggest cryptocurrency exchange, FTX, on the very day that it declared bankruptcy in November of 2022, many initially suspected ...
10 months ago Wired.com
- In the contemporary landscape dominated by digital interconnectedness, the escalating menace of cybercrime has assumed unprecedented proportions. The latest threat on the horizon is the insidious 'SIM Swap' scam, an advanced scheme exploiting ...
10 months ago Cysecurity.news
Store manager admits SIM swapping his customers - A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number and re-routing it to a phone ...
8 months ago Malwarebytes.com
T-Mobile, Verizon workers get texts offering $300 for SIM swaps - Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. The targeted employees have shared screenshots of messages offering $300 to those willing to aid the ...
7 months ago Bleepingcomputer.com
FCC adopts new rules to protect consumers from SIM-swapping attacks - The Federal Communications Commission has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC's Privacy and Data Protection Task Force introduced the new regulations in ...
1 year ago Bleepingcomputer.com
FCC Warns Carriers to Protect Customers Against SIM Swaps - A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission is warning mobile phone service providers of their obligations to protect consumers against the growing threat. SIM swapping - ...
11 months ago Securityboulevard.com
Former FTX executive Salame sentenced to over 7 years in prison - Another former executive of FTX has been jailed over his part in the cryptocurrency giant's implosion in late 2022. Ryan Salame, who was the co-CEO of FTX's Bahamian subsidiary, was sentenced to 90 months in prison, US federal prosecutors said. ...
6 months ago Packetstormsecurity.com
Kroll reveals FTX customer info exposed in August data breach - Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which ...
11 months ago Bleepingcomputer.com
TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting - The Telecom Regulatory Authority of India recently announced updated regulations aimed at combating SIM swap fraud in the telecom sector. The TRAI highlighted that this measure is part of its broader efforts to address concerns related to fraudulent ...
8 months ago Cysecurity.news
eSIM Vulnerabilities: SIM Swappers Exploit Flaws, Hijack Phone Numbers - According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit ...
8 months ago Cysecurity.news
It was other crims what did it: SBF off hook for FTX hack The Register - Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from ...
9 months ago Go.theregister.com
Google Removes Foreign eSIM Apps Airola and Holafly from PlayStore - Google has removed Airola and Holafly from its PlayStore for Indian users due to their sale of international SIM cards without the necessary authorizations. The decision came from the department of telecommunications, which also contacted internet ...
10 months ago Cysecurity.news
FCC reminds mobile phone carriers they must do more to prevent SIM swaps - The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims' mobile phone accounts. The warning comes on the ...
11 months ago Therecord.media
Former telecom manager admits to doing SIM swaps for $1,000 - A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. SIM swapping is an unauthorized porting of ...
8 months ago Bleepingcomputer.com
Google Fi Data Breach Reportedly Led to SIM Swapping - The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. Google Fi, which provides wireless phone and internet services, has told customers that the ...
1 year ago Securityweek.com
CVE-2024-26960 - In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to ...
7 months ago Tenable.com
Cybercriminals Could Perform SIM Card Swapping Scams - Google Fi customers were recently informed that their personal data had been exposed due to a data breach at one of its primary network providers. Google Fi, formerly known as Project Fi, is a telecommunications service that provides telephone calls, ...
1 year ago Cybersecuritynews.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
10 months ago Bleepingcomputer.com
SIM swapper gets 8 years in prison for account hacks, crypto theft - Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency ...
1 year ago Bleepingcomputer.com
Europol shutters ransomware operation with kingpin arrests The Register - International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years. A joint investigation team, spearheaded by French authorities, formed in 2019 to bring down a ...
1 year ago Theregister.com
SEC Says SIM Swap to Blame for Breached X Account - A new statement from the Securities and Exchange Commission explained that the regulator's X account was compromised after a threat actor was able to gain control of the phone number associated with the account, in a SIM-swapping cyberattack. ...
10 months ago Darkreading.com
Chainalysis observes decrease in cryptocurrency crime in 2023 - While the ransomware market is rising and cybercriminals continue to rack up bitcoin payments, illicit cryptocurrency activity is declining, according to new research from Chainalysis. Funds sent to illicit cryptocurrency addresses dropped from $39.6 ...
10 months ago Techtarget.com
CVE-2024-35797 - In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap ...
6 months ago Tenable.com
CVE-2022-48689 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)