Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto

The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks.

The US Department of Justice has indicted Joseph James O’Connor, a suspected Twitter hacker also known as ‘PlugWalkJoe,’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks.

Crooks conduct SIM swapping attacks to take control of victims’ phone numbers by tricking mobile operator employees into porting them to SIMs under the fraudsters’ control. Once they have hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals can also hijack social media accounts and bypass the SMS-based 2FA used by online services, including financial ones.

According to the indictment, O’Connor and co-conspirators used SIM swaps to gain access to accounts of a Manhattan-based cryptocurrency company.

“Between approximately March 2019 and May 2019, JOSEPH JAMES O’CONNOR, a/k/a “PlugwalkJoe,” the defendant, and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions in order to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company (“Company-1”), which, at all relevant times, provided wallet infrastructure and related software to cryptocurrency exchanges around the world.” reads the press release published by DoJ.

“As part of the scheme, O’CONNOR and his co-conspirators successfully perpetrated SIM swap attacks targeting at least three Company-1 executives.”

Using this access, the alleged hackers stole $784,000 worth of Bitcoin Cash, Litecoin, Ethereum, and Bitcoin from wallets managed by the company on behalf of clients.

“Between approximately March 2019 and May 2019, JOSEPH JAMES O’CONNOR, a/k/a “PlugwalkJoe,” the defendant, and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions in order to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company (“Company-1”), which, at all relevant times, provided wallet infrastructure and related software to cryptocurrency exchanges around the world,” reads the unsealed indictment.

The group stole approximately 770.784869 Bitcoin Cash, approximately 6,363.490509 Litecoin, approximately 407.396074 Ethereum, and approximately 7.456728 Bitcoin.

O’Connor and his co-conspirators laundered the stolen funds through dozens of transfers and transactions; he deposited part of the stolen cryptocurrency into a cryptocurrency exchange account under his control.

O’Connor was already indicted for his alleged involvement in a massive Twitter hack that took place in July 2020. At the time, the attackers hijacked a number of high-profile accounts, including those of Barack Obama, US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple.

All the accounts were compromised at the same time and threat actors used them to promote a cryptocurrency scam. The attackers posted messages urging the followers of the hacked accounts to send money to a specific bitcoin wallet address to receive back larger sums.

“Everyone is asking me to give back, and now is the time,” reads a message posted from Bill Gates’ Twitter account. “You send $1,000, I send you back $2,000.”

Experts also noticed that the attackers changed the email addresses associated with the accounts to delay the response to the hijack.

With this fraudulent scheme, threat actors obtained nearly $120,000 worth of bitcoins (approximately 12.86 bitcoins were amassed by attackers in their wallet) from the unaware followers of the hacked accounts.

O’Connor is currently in custody in Spain, awaiting the extradition requested by the US Government.

“O’CONNOR, 22, of the United Kingdom, is charged with conspiracy to commit computer hacking, which carries a maximum sentence of five years in prison; conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; aggravated identity theft, which carries a mandatory sentence of two years in prison, which must run consecutively to any other prison term imposed on the other charges; and conspiracy to commit money laundering, which carries a maximum term of 20 years in prison.  The maximum potential sentences set forth above are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the Court.” concludes the DoJ.

“The charges in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.”

Pierluigi Paganini

(SecurityAffairs – hacking, Cryptocurrency)
