Three Charged in Connection with $400 Million FTX Crypto Heist

Crime is still running rampant in the crypto industry, with SIM-swap attacks, deep fake videos, and wallet drainers wreaking havoc on victims.

Crime has had a major impact on the cryptocurrency industry since its inception, and every day, there are new developments and trends emerging. United States prosecutors charged three people with SIM-swap attacks linked to a $400 million hack of cryptocurrency exchange FTX, which happened just after its bankruptcy filing.

Additionally, cybersecurity firm Cybertrace pointed out a scam involving a deep fake video of Australian billionaire Andrew "Twiggy" Forrest promoting a fraudulent crypto trading platform. Singapore's police have also warned against the increasing threat of cryptocurrency drainers, a type of malware that targets crypto wallets through phishing attacks.

FTX Hack Linked to SIM-Swap Attacks

After the $400 million hack of the cryptocurrency exchange FTX in 2022, United States prosecutors have finally charged three people with orchestrating a series of SIM-swap attacks, possibly linking them to the heist that occurred just hours after FTX filed for bankruptcy.

The accused, Robert Powell, Carter Rohn, and Emily Hernandez, allegedly engaged in identity theft of 50 victims by convincing telecom providers to port the victims' numbers to phones controlled by the trio. According to a filing in a Washington, D.C. District Court, the attack involved impersonating an employee of the victim company, identified as "Victim Company-1," to gain unauthorized access and transfer more than $400 million in virtual currency from crypto wallets.

Blockchain security firm Elliptic and a Bloomberg report suggested that FTX is likely "Victim Company-1" mentioned in the indictment. This aligns with the timeline of unauthorized transactions from FTX's crypto wallets after its bankruptcy filing on Nov. 11, 2022. The stolen funds were reportedly moved to another crypto exchange, Kraken, where the identity of the user receiving the funds was known to its chief security officer, Nick Percoco.

The aftermath of the hack saw the exploiters attempting to launder the stolen cryptocurrency through various bridges and blockchains. FTX's restructuring chief, John J. Ray III, criticized the exchange's security measures and systems as severely lacking, making it a prime target for such attacks. Powell, Rohn, and Hernandez now face charges of wire fraud conspiracy and identity theft.

SIM-swap scams have become one of the top chosen methods for criminals to defraud their victims. In 2023, there were 54 SIM-swap scams affecting cryptocurrency projects in just 4 months. The losses of these attacks amounted to more than $13 million.

Deep Fake Scam Targets Australian Billionaire

Deep fakes are yet another emerging trend in the cybercrime space. Cybersecurity firm Cybertrace has issued a warning regarding a highly persuasive deep fake video of Andrew "Twiggy" Forrest, an Australian mining tycoon, promoting a fraudulent cryptocurrency trading platform called "Quantum AI" on social media.

The video, which surfaced on Facebook, features an AI-manipulated version of Forrest encouraging viewers to join what is claimed to be the world's leading stock and cryptocurrency trading software, promising daily profits ranging from $700 to $2,200.

Dan Halpin, the CEO of Cybertrace, expressed concerns that the video's length and repetitive nature, combined with a sales-oriented approach, could very easily deceive people. The deep fake even tries to mimic Forrest's mannerisms from a previous legitimate event, adding to its credibility.

This incident is part of a larger pattern of high-profile Australians being targeted by scammers using deep fake technology to endorse fraudulent schemes, including Australia's wealthiest person, Gina Rinehart, entrepreneur Dick Smith, and TV host Allison Langdon.

The increasing prevalence of deep fake fraud has certainly caught the attention of lawmakers in the U.S, with proposals to criminalize the production of deep fake images after fake photos of Taylor Swift were published on social media. In Australia, the surge in scams, especially those involving crypto, has resulted in huge financial losses, with over $2 billion reported lost to scams in 2022, including $148.3 million to investment scams involving cryptocurrency.

Beware: Singapore's Alert on Crypto Drainers

Meanwhile, Singapore’s police have made some recommendations on how people can keep their crypto a bit safer. Singapore authorities have issued a sobering cybersecurity warning to citizens about the increasing use of cryptocurrency drainers, or wallet drainers, which are being used to steal funds from investors across the ecosystem.

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly released an advisory to elevate public awareness of cyberattacks involving these malicious tools. These drainers are a type of malware specifically designed to target crypto wallets, and are often deployed through phishing attacks to illicitly drain funds from users' wallets without their consent.

Authorities are particularly alarmed by the availability of commercial crypto draining kits that enable even novice cybercriminals to employ very sophisticated malware with no upfront costs. These kits operate on a drainer-as-a-service (DaaS) model, where the attackers agree to share a predetermined percentage of the stolen funds with the malware providers.

The SPF and CSA highlight that these crypto-drainer-related attacks typically start with phishing campaigns. Cybercriminals hack into prominent social media accounts or send fraudulent emails from compromised databases of major service providers to lure victims. Unsuspecting people who click on these phishing links are then redirected to counterfeit trading websites that prompt them to connect their Web3 wallets. At this point, malicious code is injected into the victim's system, granting hackers the ability to withdraw funds without needing further authorization.

Despite the absence of reported cases in Singapore, the threat is real and growing, as seen by the case of MS Drainer, a popular off-the-shelf crypto drainer. This particular malware was instrumental in facilitating the theft of $59 million worth of cryptocurrency in 2023 alone, affecting over 63,000 victims across a number of platforms, including Google search and X ads, within just nine months.

To counteract these threats, Singapore authorities recommend the adoption of hardware wallets, which are considered much more secure against these attacks. They also urge crypto investors to do extensive research before engaging with any crypto service and to report any suspicious activities to both the authorities and the crypto service providers immediately.

Crucially, in the event of an attack, victims are advised to revoke any suspicious token approvals and to transfer any remaining funds to a different, secure wallet address to mitigate any more losses.