The U.S. Department of Justice has charged five individuals connected to a hacking group accused of stealing over $11 million in cryptocurrency and sensitive data from businesses and individuals. The charges, filed on November 20, 2023, stem from a sophisticated cybercrime spree targeting cryptocurrency exchanges, telecom companies, and various corporate entities across the U.S., Canada, India, and the U.K.
The Crypto Heist: Phishing, SIM Swapping, and Massive Losses
According to the California U.S. Attorney’s Office, the defendants used phishing techniques to trick victims into revealing their login credentials, or they carried out SIM swapping attacks to hijack phone numbers and gain access to sensitive accounts. These stolen credentials then allowed the group to breach crypto exchange accounts and steal large amounts of cryptocurrency. Court documents indicate that at least 29 individuals had their crypto holdings stolen, with one victim losing more than $6.3 million in crypto assets after their email and wallet accounts were compromised.
The scale of the attack was enormous, affecting 45 companies, including a prominent U.S. crypto exchange, whose employees were targeted by SMS phishing messages that falsely claimed their accounts were about to be deactivated. These fake messages included links that led victims to phishing websites designed to steal their login information.
“We are alleging that this group of cybercriminals ran a highly sophisticated scheme, not only stealing millions of dollars in cryptocurrency but also acquiring valuable intellectual property and private data,” said Martin Estrada, the U.S. Attorney for the Central District of California. “This operation targeted hundreds of thousands of individuals and organizations, causing serious financial damage and undermining digital security.”
The ‘Scattered Spider’ Connection
The five individuals charged in the case are suspected members of the notorious “Scattered Spider” hacking group, which is believed to have carried out the majority of the crimes between September 2021 and April 2023. The defendants include:
- Ahmed Elbadawy, 23, from Texas
- Noah Urban, 20, from Florida
- Evans Osiebo, 20, from Dallas
- Joel Evans, 25, from North Carolina
- Tyler Buchanan, 22, from Scotland
Each of the accused faces multiple charges, including conspiracy, wire fraud, and aggravated identity theft. Additionally, Buchanan faces a separate charge of wire fraud. If convicted, they could each face up to 20 years in prison for the fraud-related charges alone.
The FBI’s Long Pursuit of ‘Scattered Spider’
While the group’s members have now been publicly identified, the FBI and international law enforcement have been tracking “Scattered Spider” for some time. As reported last year, the group was behind high-profile attacks on major corporations, including the hacks of Caesars Entertainment and MGM Resorts in September 2023. Even though the FBI was aware of the group’s identity and activities, it struggled to capture the criminals until now.
The latest court filings suggest that while the five individuals charged are not directly implicated in the casino hacks, there may be additional co-conspirators yet to be named. Investigators point to evidence that connects the group to a broader network of cybercriminals. For example, Buchanan was traced back to phishing websites registered in his name, and a search of his devices uncovered stolen data from a U.S. crypto exchange and a U.S. telecommunications company.
The Rise of SIM Swapping and Phishing Attacks
This case underscores the growing threat of SIM swapping and phishing in the world of cryptocurrency. By hijacking phone numbers or tricking people into revealing their private credentials, cybercriminals are able to bypass traditional security measures and access accounts with sensitive assets. The case also highlights the vulnerability of businesses and individuals to attacks that target the human element—an aspect that’s often harder to defend against than technical security systems.
As digital currencies become more popular, the incentive for hackers to target crypto holders and exchanges continues to grow. The Scattered Spider group’s success in stealing millions of dollars serves as a stark reminder of the need for individuals and businesses to take extra precautions in securing their online accounts.
What’s Next for the Defendants?
The five charged individuals are expected to face a lengthy legal process, but the full scope of their criminal activities may not yet be clear. As the investigation continues, more individuals linked to the group could be charged.
At the moment, there is no publicly available information about the defendants’ legal representation, and it’s unclear whether they have entered pleas. As authorities continue to sift through the massive amount of digital evidence, the case is likely to reveal more about the inner workings of Scattered Spider—and potentially expose even more people involved in the criminal operation.
This case serves as a powerful reminder of the risks of digital currency and the increasing sophistication of online criminals. With law enforcement closing in on the perpetrators, it’s clear that cybercrime in the crypto world is far from over, and the stakes have never been higher.
