Just In: US DOJ Charges Five Hackers In $6.3M Crypto Hack & Corporate Data Breaches

The United States Department of Justice (DOJ) has charged five individuals in connection with a crypto hacking scheme that allegedly stole $6.3 million in cryptocurrency and breached sensitive corporate data.

The charges, announced on Wednesday, stem from a multi-year phishing and hacking operation that targeted employees of major tech firms, telecommunication companies, and cryptocurrency platforms.

US DOJ Charges Five Hackers In $6.3M Crypto Hack

The US DOJ identified the defendants as Ahmed Hossam Eldin Elbadawy, 23, of Texas; Noah Michael Urban, 20, of Florida; Evans Onyeaka Osiebo, 20, of Texas; Joel Martin Evans, 25, of North Carolina; and Tyler Robert Buchanan, 22, a UK citizen arrested in Spain earlier this year. All five have been charged with conspiracy to commit wire fraud, aggravated identity theft, and related offenses.

According to prosecutors, the group used phishing text messages to steal employees’ credentials, enabling unauthorized access to corporate systems and cryptocurrency accounts. Buchanan faces additional charges of wire fraud, which carries a potential 20-year prison sentence.

The defendants are accused of targeting at least 45 companies in the U.S., Canada, the UK, and other nations between September 2021 and April 2023. The alleged crypto hack scheme involved spoofing legitimate portals of companies such as Okta and compromising two-factor authentication to obtain sensitive information.

Phishing Attacks and Cryptocurrency Thefts

The hacking operation reportedly involved sending fraudulent SMS messages to employees of victim companies, warning them that their accounts were at risk of deactivation. These messages contained links to phishing websites designed to mimic the companies’ legitimate login portals. Employees who entered their credentials unwittingly gave the hackers access to their accounts and corporate systems.

Once inside the systems, the hackers stole intellectual property, proprietary data, and sensitive personal information. They also used SIM-swapping techniques to bypass additional account protections and reset passwords. The US DOJ stated that one victim alone lost $6.3 million in cryptocurrency due to these attacks.

Akil Davis, Assistant Director of the FBI’s Los Angeles Field Office, emphasized the dangers of phishing scams, saying, “These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.”

US DOJ Links to Notorious Hacking Groups

Security researchers have linked the accused individuals to cybercrime groups known as “0ktapus” and “Scattered Spider,” which are believed to be responsible for previous high-profile attacks. 

These groups reportedly breached hundreds of companies, including Twilio, Coinbase, and Doordash, during a hacking campaign in 2022. They later expanded their operations to target gaming companies such as Riot Games in 2023.

The court documents describe the group as a loosely organized, financially motivated cybercriminal network. Law enforcement officials believe other individuals involved in the operation remain unidentified, with the indictment mentioning unnamed co-conspirators.

Potential Sentences and Ongoing Investigations

If convicted, the defendants face severe penalties. Each could receive a maximum of 20 years in prison for conspiracy to commit wire fraud, up to five years for conspiracy, and an additional mandatory two-year sentence for aggravated identity theft. Prosecutors also revealed that Urban faces fraud charges in a separate federal case in Florida.

Concurrently, former FTX executive Gary Wang recently avoided prison time despite his role in the collapse of the cryptocurrency exchange. Wang admitted to helping write the code that enabled FTX founder Sam Bankman-Fried to misappropriate $8 billion in customer funds. Judge Lewis Kaplan ruled that Wang’s cooperation with authorities and lack of personal financial gain justified leniency.

The US DOJ continues to investigate the matter, warning companies to remain vigilant against phishing attempts. U.S. Attorney Martin Estrada stated, “If something about the text or email you receive or the website you’re viewing seems off, it probably is.”