US DOJ charges five for a $6.3M crypto hacking scheme that used phishing to target tech and crypto firms. If convicted, they may face up to 20 years.
The U.S. Department of Justice (DOJ) has charged five individuals in connection with a crypto hacking operation that allegedly stole $6.3 million in cryptocurrency and accessed sensitive corporate data.
The charges, announced on Wednesday, are related to a multi-year phishing and hacking campaign targeting employees at major tech firms, telecommunications companies, and cryptocurrency platforms.
The Defendants and Charges
The DOJ identified the accused as Ahmed Hossam Eldin Elbadawy, 23, of Texas; Noah Michael Urban, 20, of Florida; Evans Onyeaka Osiebo, 20, of Texas; Joel Martin Evans, 25, of North Carolina; and Tyler Robert Buchanan, 22, a UK citizen arrested in Spain earlier this year.
All five face charges of conspiracy to commit wire fraud, aggravated identity theft, and other related offenses.
The group used phishing text messages to steal login credentials from employees, which gave the group access to corporate systems and cryptocurrency accounts. Buchanan faces additional wire fraud charges, which could result in a 20-year prison sentence.
Phishing Attacks and Crypto Theft
The hackers allegedly targeted at least 45 companies in the U.S., Canada, the UK, and other countries between September 2021 and April 2023. The operation involved spoofing company sign-in portals, such as those provided by Okta, and bypassing two-factor authentication to steal sensitive data.
The phishing attacks involved fraudulent SMS messages warning employees that their accounts were in danger of deactivation.
These messages included links to phishing websites designed to resemble legitimate company portals. Employees who entered their login details unknowingly gave the hackers access to corporate systems and personal information.
Once inside, the hackers stole intellectual property, proprietary data, and personal details. They also used SIM-swapping techniques to bypass account security measures and reset passwords. One victim alone lost $6.3 million in cryptocurrency as a result of these attacks.
FBI Assistant Director Akil Davis warned, “These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.”
Links to Notorious Hacking Groups
Security experts have linked the suspects to cybercriminal groups like “0ktapus” and “Scattered Spider,” which are believed to have conducted previous high-profile attacks.
These groups have been tied to breaches at companies like Twilio, Coinbase, and DoorDash in 2022, and expanded their attacks to gaming companies like Riot Games in 2023.
The court documents describe the group as a loosely organized network of cybercriminals motivated by financial gain.
Law enforcement believes other individuals involved in the scheme remain unidentified, with some co-conspirators unnamed in the indictment.
Possible Penalties and Ongoing Investigations
If convicted, the defendants face harsh penalties, including up to 20 years in prison for conspiracy to commit wire fraud, up to five years for conspiracy, and a mandatory two-year sentence for aggravated identity theft. Urban also faces fraud charges in a separate federal case in Florida.
In a related development, former FTX executive Gary Wang recently avoided prison time despite his involvement in the collapse of the cryptocurrency exchange. Wang admitted to assisting FTX founder Sam Bankman-Fried in misappropriating $8 billion in customer funds.
Judge Lewis Kaplan ruled that Wang’s cooperation with authorities and lack of personal financial gain warranted leniency.
The DOJ continues to investigate the matter and is urging companies to be vigilant against phishing attempts. U.S. Attorney Martin Estrada cautioned, “If something about the text or email you receive or the website you’re viewing seems off, it probably is.”