In the intricate world of cybercrime, the story of Robert Powell and his associates unfolds as a modern-day heist saga, intertwining sim swapping, online fraud, and the eventual collapse of the crypto exchange, FTX. This narrative, pieced together from criminal investigations and crypto market turmoil, showcases how a group of tech-savvy individuals exploited vulnerabilities in security systems to orchestrate a multimillion-dollar theft.
The Genesis of a Cyber Criminal: Robert Powell
The story begins in June 2020, with a series of seemingly unrelated criminal activities. In South Bend, Indiana, members of the criminal gang known as the Choa Boys committed a home invasion, armed with handguns and an AR-15, seeking a stash of cash, drugs, and illegal pills. Weeks later, in Cedar City, Utah, a couple transporting $250,000 in cash was robbed by the same gang. These incidents initially appeared as isolated cases of robbery, but they were soon linked to a larger scheme involving online fraud.
The investigation into the stolen money revealed that the couple was acting as money mules for a man named Robert Powell, who was orchestrating a large-scale online fraud operation. Powell's method involved buying PayPal accounts on the dark web and transferring funds through dummy accounts, using stolen information also purchased from illegal websites. The money mules would then transfer the stolen funds into their personal bank accounts, withdraw the cash, and hand it over to Powell for a percentage. This operation had allegedly generated at least $1.3 million over two years.
Sim Swapping and the Digital Underground
As authorities closed in, Powell began to cover his tracks. However, he resurfaced in February 2021 in Highland Park, Illinois, connecting with other fraudsters known by their online personas, El swapo 1, M, and puns Slayer. This group specialized in social engineering and sim swapping, a technique where a scammer transfers a victim's SIM card to their own device, gaining control over the victim's phone number. This control allows the scammer to intercept text messages and authentication codes, bypassing two-factor authentication and gaining access to the victim's accounts.
El swapo 1, later identified as Powell himself, already had a network of money mules from his previous schemes. The group planned their first sim swap, targeting individuals for identity theft and financial gain. They would run in-depth background checks on their targets, find their addresses on the dark web, and purchase fake driver's licenses with the target's information but with the picture of one of the fraudsters.
In one instance, puns Slayer, whose real name was Carter R, flew to New Mexico with a fake ID and convinced an employee at the victim's phone provider to transfer the target's phone number to R's SIM card. This successful sim swap marked the beginning of a large-scale operation.
Targeting FTX: The Perfect Storm
By mid-2022, Powell shifted his focus from individual crypto traders to larger entities, specifically crypto exchanges. He believed that targeting an exchange like FTX could yield significantly greater financial rewards.
The opportunity arose in November 2022, when Ian Allison, a journalist for CoinDesk, exposed the connection between Alameda Research and the crypto exchange FTX, both controlled by Sam Bankman-Fried. Allison's report revealed that a significant portion of Alameda's assets was in FTT tokens, a cryptocurrency created by FTX. This meant that Alameda's financial stability was tied to an illiquid, self-issued asset, and that the price of FTT was likely being artificially inflated.
The revelations led to a crypto market crash, with Binance, a major crypto exchange, announcing it would sell its holdings of FTT tokens. The price of FTT plummeted, sparking a bank run on FTX and widespread rumors of insider trading and misuse of customer funds.
Seeing the chaos, Powell recognized an opportunity to exploit the situation. He informed puns Slayer and M about a potential heist, and they agreed to target FTX. Powell identified an FTX employee, supposedly Jen Chan, the company's Chief Financial Officer, as the perfect target for impersonation.
The FTX Heist: Execution and Aftermath
The plan involved M, identified as Emily Hernandez, performing a sim swap at an Apple store in El Paso, Texas. Simultaneously, another person, likely Carter R, was tasked with performing a distraction sim swap on another FTX employee.
On November 11, 2022, as Sam Bankman-Fried and his lawyers declared bankruptcy for FTX, Hernandez and R executed their parts of the plan. Hernandez successfully swapped the SIM card of the FTX employee. R also completed the sim swap. Powell then used the compromised information to access FTX's financial control panels, gaining access to hundreds of millions of dollars.
Powell began transferring funds, starting with $15 million in Ethereum to one of his wallets. However, the unusual activity was quickly noticed by Zack Dexter, the CEO of FTX's subsidiary, LedgerX. Dexter discovered unauthorized transfers and alerted other FTX members. As Dexter tried to secure the remaining assets, Powell continued to move funds.
Ultimately, Powell managed to steal $477 million before FTX's wallets were emptied. To launder the stolen funds, Powell used various techniques, including:
• Stable coin Exchanges: Converting stable coins into other cryptocurrencies.
• Mixers/Tumblers: Using services like Tornado Cash to mix the funds and obscure their origin.
• Cross-Chain Swaps: Converting Ethereum to Bitcoin using Thor Swap and rBridge.
Despite losing over $91 million in fees and price changes, Powell successfully laundered over $300 million.
The Downfall and Capture
Despite the success of the heist, Powell and his team made a critical mistake: they continued sim swapping. This ultimately led to their downfall. FBI agent Brent Bledo, investigating the FTX hack, found connections to Robert Powell. It is speculated that Emily Hernandez was caught on CCTV while performing a sim swap, and her identity was linked to the FTX hack.
Hernandez was arrested and, as part of a plea deal, cooperated with the government, providing information that led to the arrest of Powell and others. Powell is currently under house arrest, awaiting trial.
Conclusion
The FTX heist, orchestrated by Robert Powell and his team, represents a significant case of cybercrime, exploiting sim swapping and vulnerabilities within the crypto world. The heist exposed the weaknesses in security measures and the potential for exploitation in the rapidly evolving cryptocurrency landscape. The case serves as a cautionary tale, highlighting the need for robust security protocols and constant vigilance in the digital age.
Responses (0 )