Chicago-area man charged in $400 million FTX crypto hack released on bond

A Chicago-area man charged in the $400 million hack of the failed crypto currency exchange FTX was released to home confinement Friday with orders to avoid non-essential internet use and any online gambling.

Robert Powell, 26, of Highland Park, was charged in a federal indictment unsealed this week in Washington D.C. with participating in a sophisticated “SIM swap” scheme that allegedly siphoned $400 million in virtual currency from a single company and millions more from other individual victims.

While the indictment, which was first reported by the Tribune on Tuesday, referred to the company only as “Victim Company 1,” the alleged hack occurred on Nov. 11, 2022, the same day that FTX, owned by now-convicted fraudster Sam Bankman-Fried, collapsed into bankruptcy.

At the time, speculation was rampant that the hack was an inside job. A source confirmed to the Tribune on Friday that FTX was the company allegedly victimized in Powell’s case.

Powell, who is originally from Elkhart, Indiana, was quietly arrested last week in the Chicago area while the indictment was still under seal in U.S. District Court in Washington.

He appeared at a detention hearing Friday at the Dirksen U.S. Courthouse dressed in red- and white-striped jail clothes and spoke clearly when the judge asked him a series of questions about his bond.

Under the terms of his release, Powell must stay inside his home except to go to court or for medical purposes and can only access the internet on one device, and must do so only to communicate with family or look for work.

His attorney, Gal Pissetzky, told U.S. Magistrate Judge David Weisman that Powell made most of his money gambling, which he will not be able to do without internet access. He also said the government froze Powell’s assets and that he’d be looking for a job once he’s released.

A preliminary court date in Washington had not been set as of Friday.

After the hearing, Pissetzky said declined to comment on the specifics of the case, saying that with Powell’s release, he’s looking forward to reviewing the extremely voluminous discovery” in the case with him.

Powell was among three defendants charged in the indictment with conspiracy to commit wire fraud and aggravated identity theft.

Also charged was Carter Rohn, 24, of Indianapolis, and Emily Hernandez, 23, of Colorado Springs, Colorado, records show. They were both arrested last week and have made initial appearances in federal court in their home districts.

SIM swapping is a technique in which attackers gain control of a telephone number by having it reassigned to a new device. Such attacks represent a growing security threat for government agencies and corporations because they can target not only finances but manipulate social media accounts to spread misinformation, authorities have said.

A similar scheme was used recently in the high-profile attack on the U.S. Securities and Exchange Commission’s account on the social media platform X, formerly known as Twitter.

According to the 18-page indictment, which was first made public in Chicago as part of the removal proceedings, Powell, who used the online monikers “R$” and “ElSwapo1,” teamed up with others to fraudulently obtain victims’ personal information.

In some instances, the schemers created phony identification cards and traveled to wireless service provider retail outlets in states across the country, where the fake documents were used to convince the stores to “port” data over from the victims’ phones, according to the charges.

Once the information was transferred, the defendants could circumvent two-factor authentication security, giving them access to a victims’ virtual currency accounts, social media passwords, email and other sensitive data, the indictment alleged.

The indictment listed seven specific instances in which the schemers were allegedly able to hack into a victim’s accounts and get virtual currency, commonly known as cryptocurrency.

By far the largest occurred in November 2022, when Powell allegedly directed co-conspirators to execute a SIM swap against an employee of FTX.

A co-schemer sent Hernandez a fraudulent identification document that had the victim’s personal information but Hernandez’s photo, according to the indictment. Hernandez then used the phony ID at a mobile phone service store in Texas, where she convinced them to port over the victim’s information to a new device.

Within hours, the co-conspirators had drained more than $400 million worth of virtual currency from the company’s accounts, according to the indictment.

On the same day, Powell also targeted another victim, identified only as “A.C.,” whose identity was also stolen. The charges allege a different co-conspirator impersonated A.C. at a Texas mobile store, and once the SIM swap was made, the schemers stole nearly $600,000 in virtual currency.

Other similar attacks were conducted by the group over a two-year period between March 2021 and April 2023, the indictment stated, including one instance in November 2022 when the group used the stolen identity of a victim “V.C.” at a cellphone store in Utah and stole more than $1 million.

The group pulled similar scams at stores across the country, including in Illinois, Indiana, Minnesota, Nebraska, New Mexico, Colorado, Virginia and Florida, according to the indictment.

FTX, meanwhile, announced it had been hacked shortly after filing for bankruptcy and urged customers to stay off its website.

A month later, Bankman-Fried was charged in New York with a scheme that cheated customers and investors of at least $10 billion. He was convicted of fraud in November and faces decades behind bars when he’s sentenced next month.