A British man who hacked prominent Twitter accounts (now known as X) as part of a Bitcoin scam has been ordered to hand over £4.1 million in stolen cryptocurrency.
Joseph O'Connor from Liverpool hacked more than 130 accounts in July 2020, including those of Barack Obama, Joe Biden and Elon Musk.
The 26-year-old fled to Spain, where his mother lives, before being arrested and extradited to the US for trial.
He was sentenced to five years in prison for cyber crimes, but now must hand over a batch of cryptocurrency he collected through various hacking attacks and scams.
O'Connor, known as PlugwalkJoe, ran a so-called “free gift scam” on other young people and teenagers, hacking into Twitter's internal systems and taking over high-profile accounts.
Three other hackers have been charged with fraud, with American teenager Graham Clark pleading guilty to fraud in 2021.
The hackers gained access to the accounts by first convincing a small number of Twitter employees to hand over their internal login details, which ultimately gave them access to the social networking site's administrative tools.
They used social engineering techniques to gain access to the site's powerful internal control panel.
Once on the Twitter accounts of famous people, they pretended to be celebrities and tweeted asking followers to send bitcoins to various digital wallets, promising to double their money.
The scam saw some 350 million Twitter users view suspicious tweets from the official accounts of some of the platform's biggest users, including Apple, Uber, Kanye West and Bill Gates.
Thousands of people were tricked into believing that the cryptocurrency giveaway was real.
From July 15 to 16, 2020, scammers made 426 transfers of varying amounts from people hoping to double their money.
In total, over 12.86 BTC was stolen, which was worth around $110,000 (£83,500) at the time. It is now worth $1.2 million.
The Crown Prosecution Service (CPS) said investigators believe more of the cryptocurrencies linked to O'Connor came from criminal hacking attacks he carried out with other teenagers and young adults he met while playing Call of Duty online.
In total, CPS returned 42 bitcoins and other digital currency to him.
Adrian Foster, chief prosecutor for the CPS Proceeds of Crime Unit, said O'Connor “targeted high-profile people and used their accounts to scam people out of their crypto assets and money.”
“Even if someone is not convicted in the UK, we can still ensure they do not benefit from their criminal activities,” he said.
