UK hacker ordered to forfeit £4.1m in Bitcoin after high-profile Twitter scam

UK hacker ordered to forfeit £4.1m in Bitcoin after high-profile Twitter scam

A British man convicted of hijacking over 130 high-profile Twitter-now X-accounts in a 2020 Bitcoin scam has been ordered to surrender £4.1 million in stolen cryptocurrency. Joseph O'Connor, 26, from Liverpool, orchestrated the attack alongside other young hackers, targeting accounts belonging to Barack Obama, Joe Biden, Elon Musk, and major corporations like Apple and Uber.

How the scam unfolded

In July 2020, O'Connor-known online as PlugwalkJoe-and his accomplices exploited Twitter's internal systems by tricking employees into revealing login credentials. Using social engineering tactics, they gained access to the platform's administrative tools, allowing them to seize control of verified accounts.

Posing as celebrities and executives, the hackers posted tweets promising to double Bitcoin sent to specified wallets. Over two days (15-16 July), 426 transactions were made to their accounts, netting 12.86 BTC-worth around $110,000 at the time but now valued at $1.2 million. An estimated 350 million users saw the fraudulent posts.

Arrest, extradition, and sentencing

O'Connor fled to Spain, where his mother resides, before being arrested and extradited to the US. In 2023, he received a five-year prison sentence for cybercrimes. Three other hackers, including US teenager Graham Clark, have also faced charges for their roles in the scheme.

The UK's Crown Prosecution Service (CPS) confirmed it has recovered 42 Bitcoin and other digital assets linked to O'Connor's crimes. Investigators believe he obtained additional crypto through separate hacks conducted with associates he met while playing Call of Duty online.

Official response

"O'Connor targeted well-known individuals and used their accounts to scam people out of their crypto assets and money. Even when someone is not convicted in the UK, we ensure they do not benefit from their criminality."

Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division

The CPS emphasized that the forfeiture order underscores efforts to dismantle financial incentives for cybercriminals, regardless of where convictions occur.

Broader impact

The incident exposed vulnerabilities in Twitter's security protocols, prompting the platform-now rebranded as X-to overhaul its internal access controls. The scam also highlighted the risks of social engineering in high-stakes digital fraud, with thousands of users losing funds to the fake "giveaway."