A British man convicted over the notorious 2020 Twitter hack has been ordered to repay 4.1 million pounds, equivalent to $5.40 million, worth of Bitcoin following a civil recovery order secured by UK prosecutors.
Joseph James O'Connor, now 26 years old, pleaded guilty in the United States to charges including computer intrusion, wire fraud, and extortion, receiving a five-year prison sentence in 2023.
The Crown Prosecution Service announced on Monday that it obtained a civil recovery order to seize 42 Bitcoin and other cryptocurrency assets directly linked to the massive social media breach.
The scam involved hijacking verified accounts belonging to prominent political figures, business leaders, and celebrities to solicit digital currency and threaten high-profile individuals.
The assets will be liquidated by a court-appointed trustee, with proceeds potentially directed toward victim restitution.
What Made the 2020 Twitter Hack So Devastating
The July 15, 2020, attack compromised 130 Twitter accounts between 20:00 and 22:00 UTC, including those belonging to then Democratic presidential candidate Joe Biden, Tesla CEO Elon Musk, former President Barack Obama, Microsoft founder Bill Gates, investor Warren Buffett, and reality television personality Kim Kardashian.
Major corporate accounts, including Apple, Uber, and Cash App, were also seized by the perpetrators. Twitter confirmed that approximately 45 of the 130 compromised accounts were actually used to broadcast fraudulent messages, though the scale of potential victims reached an estimated 350 million users who viewed the suspicious tweets.
The hackers posted coordinated messages promising to double any Bitcoin sent to a specific wallet address, a classic cryptocurrency scam amplified by the unprecedented access to verified accounts with millions of followers.
The breach forced Twitter, now called X, to temporarily restrict all verified accounts from posting for several hours while engineers worked to contain the damage.
Analysis by blockchain-tracking firms revealed that thousands of users fell victim to the scam, transferring approximately $118,000 in cryptocurrency to the perpetrators before authorities and Twitter's security team could thoroughly neutralize the threat.
Did you know?
Hackers didn’t breach passwords in the July 2020 Twitter hack. Instead, they used phone spear-phishing to trick a few employees and access internal “God Mode” tools, letting them hijack 130 high-profile accounts.
How Joseph O'Connor Orchestrated the Breach
Joseph O'Connor, operating under the online alias PlugwalkJoe, worked with co-conspirators to gain unauthorized access to Twitter's internal administrative tools through social engineering attacks targeting company employees.
Investigators determined that the group used phone-based social engineering, also known as vishing, to manipulate Twitter staff members into providing credentials that granted access to backend systems normally reserved for account support and security teams.
This access allowed the hackers to directly alter account settings, reset passwords, and post tweets without triggering normal security protocols that would alert legitimate account holders.
Prosecutors revealed that O'Connor's criminal activities extended beyond the Twitter breach to include cyberstalking, extortion, and the unauthorized takeover of TikTok accounts in August 2020.
Along with his accomplices, O'Connor stole at least $794,000 in cryptocurrency through multiple schemes.
The charges he eventually pleaded guilty to carried a combined maximum sentence exceeding 70 years in prison, though the actual sentence handed down was five years.
As part of his plea agreement, O'Connor agreed to forfeit over $794,000 in assets and provide restitution to victims of his various cybercrimes.
Why Spain Extradited Him to Face US Prosecution
O'Connor was arrested in Estepona, Spain, on July 22, 2021, just over one year after the Twitter breach occurred. Spanish authorities detained the then 22-year-old following a coordinated international investigation led by the US Department of Justice with assistance from law enforcement agencies across multiple jurisdictions.
Spain's National High Court approved the extradition request in February 2023 after carefully reviewing the evidence and legal arguments presented by both the prosecution and defense teams.
The Spanish court ruled that the United States was best positioned to prosecute O'Connor because the overwhelming majority of evidence, victims, and affected parties were located in American jurisdiction.
Twitter's headquarters in San Francisco placed the primary victim company under US legal authority, while the majority of compromised account holders were American citizens or entities conducting business in the United States.
O'Connor was formally extradited on April 26, 2023, and transferred to New York to face charges in the US District Court for the Southern District of New York, where he entered his guilty plea in May 2023 and received sentencing in June 2023.
ALSO READ | Anthropic CEO Warns Autonomous AI Systems Pose Rising Risks
How UK Authorities Secured the Bitcoin Seizure
British prosecutors used civil recovery powers to obtain a property-freezing order during the extradition proceedings, preventing O'Connor from accessing or transferring cryptocurrency assets suspected of being linked to his criminal enterprises.
The Crown Prosecution Service then pursued a permanent civil recovery order, which was granted by a UK court last week, authorizing the seizure of 42 Bitcoin and additional crypto assets traced to the 2020 Twitter hack and related schemes.
The civil recovery process operates independently of criminal prosecution, allowing authorities to target proceeds of crime even when convictions occur in foreign jurisdictions.
Adrian Foster, the prosecutor handling the civil recovery case, emphasized that UK authorities deployed the full force of available powers to ensure that even when someone is not convicted domestically, they cannot benefit from criminality.
This approach represents an increasingly common strategy in international cybercrime cases where perpetrators may be prosecuted in one country but hold assets in others.
The Economic Crime and Corporate Transparency Act 2023 significantly enhanced UK law enforcement capabilities by permitting asset seizures without requiring an arrest and introducing expedited powers for recovering digital assets linked to criminal activity, making the O'Connor case a demonstration of these strengthened legal tools.
What Civil Recovery Orders Mean for Crypto Crimes
Civil recovery orders, also known as non-conviction-based asset forfeiture, allow prosecutors to seize property suspected of representing proceeds from unlawful conduct without requiring a criminal conviction in the same jurisdiction.
This legal mechanism has become particularly valuable in cryptocurrency cases where assets can be transferred across borders instantly and traditional criminal proceedings may take years to conclude.
The UK framework permits authorities to freeze cryptocurrency immediately upon identifying suspicious holdings, then pursue permanent forfeiture through civil court proceedings that operate on a lower burden of proof than criminal trials.
The trend toward aggressive civil recovery in cryptocurrency cases reflects law enforcement's adaptation to the unique challenges posed by digital assets.
Traditional asset forfeiture focused on physical property, bank accounts, and real estate that remained relatively static during investigations.
Cryptocurrency's mobility and pseudonymous nature have required new legal approaches, prompting jurisdictions, including the United Kingdom, the United States, and European Union member states, to develop specialized frameworks.
The O'Connor case demonstrates that even when criminal prosecution occurs abroad, home countries can still pursue financial remedies against locally held assets, creating a multi-jurisdictional enforcement network that significantly increases risks for cybercriminals.
The recovery of $5.4 million from O'Connor marks a substantial victory for authorities working to demonstrate that cryptocurrency's perceived anonymity does not shield criminals from accountability.
As blockchain analytics tools become more sophisticated and international cooperation improves, law enforcement agencies are successfully tracing digital assets through complex transaction chains to identify perpetrators and recover proceeds.
The liquidation of O'Connor's seized Bitcoin by a court-appointed trustee will likely provide partial restitution to victims of the Twitter hack.
However, the original scam netted approximately $118,000 while the seized assets reflect significant appreciation in Bitcoin's value since 2020, when prices hovered around $9,000 compared to current levels exceeding $90,000.
Comments (0)
Please sign in to leave a comment