A British hacker who carried out one of the biggest ever hacks in the history of the internet has been ordered to pay back £4 million.
Joseph James O’Connor, also known as PlugwalkJoe, was sentenced to five years in prison for cybercrime offenses in the US, and the UK has now come for his stolen assets.
He was part of a small group who hacked celebrities including Kim Kardashian, Kanye West, Barack Obama, Elon Musk and Joe Biden, using their pages to advertise scams claiming their money would be doubled.
One such tweet, from the hacked account of Bill Gates, read: ‘Everyone is asking me to give back. You send $1,000, I send you back $2,000.’
The coordinated posts linked to cryptocurrency wallets for hoodwinked readers to deposit their cash.
O’Connor also threatened celebrities with the release of personal images and messages.
At the time, Twitter said hackers had targeted staff at the company ‘with access to internal systems and tools’, AKA social engineering, when people are manipulated to reveal confidential information.
O’Connor was extradited from Spain to face charges in the US, and was jailed for five years in 2023.
The Crown Prosecution Service has now obtained an order to recover 42 Bitcoin and other cryptocurrency that O’Connor made from the scheme, which holds the value of around £4.1m.
List of his crimes
Joseph James O’Connor, 26, pleaded guilty to:
- Conspiracy to commit computer intrusions x2
- Conspiracy to commit wire fraud
- Conspiracy to commit money laundering
- Committing computer intrusions x2
- Making extortive communications
- Stalking x2
- Making threatening communications
How did O’Connor scam so much money?
He used a tactic known as ‘SIM swapping’, which is when phone companies are tricked into moving a phone number to a different device.
This is usually done by finding out enough information about the target to be able to pass through security questions while posing as them, claiming to have lost their phone.
Once the phone number is reassigned, it asks as the key to other services used by the victim, as it means any codes for two-factor authentication will come to the hacker instead.
Meanwhile, the victim has lost access to their phone number.
Assets will be liquidated
In total, the Civil Recovery Order will seize over £4 million, with the assets valued at £4.1 million on November 10.
This is made up of 235.329 ETH (Ethereum), 15.23521 USDC (United States Dollar Coin), 42.378 BTC (Bitcoin) and 143273.5712677 BUSD (Binance US Dollar).
The order was made on November 14, and the crypto assets will now be liquidated by the court appointed Trustee.
O’Connor had already been ordered to pay $794,000 restitution to an unnamed crypto company in New York, whose bank account he had drained.
Adrian Foster, of the CPS Proceeds of Crime Division, said: ‘Joseph James O’Connor targeted well known individuals and used their accounts to scam people out of their crypto assets and money.
‘We were able to use the full force of the powers available to us to ensure that even when someone is not convicted in the UK, we are still able to ensure they do not benefit from their criminality.’
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
