Reading 4 min Published Updated
British hacker Joseph O’Connor, also known online as PlugwalkJoe, was sentenced to five years in prison in the US for his role in stealing $794,000 worth of cryptocurrencies with a SIM-swapping attack on a cryptocurrency exchange executive back in April 2019. .
O’Connor was initially arrested in Spain in July 2021 and extradited to the US on April 26, 2023. In May, he pleaded guilty to a variety of charges related to conspiracy to commit computer intrusions, conspiracy to commit wire fraud and conspiracy to engage in money laundering, to name but a few.
plugwalkjoe is getting his sentence in 5 days, so it’s time to bring this gem back pic.twitter.com/OOBqD2FaFA
— rip @ironic (@ripironic) June 18, 2023
The prison sentence was underscored in a June 23 statement from the U.S. Attorney’s Office for the Southern District of New York.
“In addition to jail time, O’Connor was sentenced to three years of parole. In addition, O’Connor was ordered to pay $794,012.64 in forfeiture,” the statement said.
The name of the hacked cryptocurrency executive was not released, however, after replacing the SIM cards, O’Connor gained unauthorized access to accounts and computing systems belonging to the exchange on which the executive worked.
“After stealing and fraudulently redirecting the stolen cryptocurrency, O’Connor and his accomplices laundered it through dozens of transfers and transactions and exchanged part of it for bitcoin using cryptocurrency exchange services.”
“Ultimately, some of the stolen cryptocurrency was transferred to a cryptocurrency exchange account controlled by O’Connor,” the statement said.
O’Connor’s sentence also covers crimes related to the major Twitter hack in July 2020, which ended up netting him and his team around $120,000 in illegally obtained cryptocurrencies.
1/ Time for a story that combines the craziness of crypto, the perils of hacking, and the consequences of shady actions. Buckle up as we explore the case of Joseph James O’Connor, aka PlugwalkJoe, the mastermind behind the infamous Twitter hack of July 2020!#Crypto
— cryptocurrency Camel (@CamelChronicles) June 24, 2023
The hackers used a series of “social engineering” and SIM-swapping attacks to take over about 130 known Twitter accounts, as well as two large TikTok and Snapchat accounts.
“In some cases, accomplices have taken control and used that control to launch a scheme to defraud other Twitter users. In other cases, accomplices sold access to Twitter accounts to others,” the statement said.
As part of this scheme, O’Connor attempted to blackmail a Snapchat victim by threatening to release private messages publicly if they did not post messages promoting O’Connor’s identity online.
In addition, O’Connor also “harassed and threatened” the victim and “staged a series of strikes against her” by falsely reporting emergencies to authorities.
SIM card exchange is still relevant
A SIM spoofing attack involves an attacker who gains control of a victim’s phone number by associating it with another SIM card they control.
As a result, attackers can then redirect the victim’s calls and messages to a device they control and gain access to any accounts where the victim is using SMS-based two-factor authentication.
This scheme is commonly used to trick followers of known accounts into following phishing links, which ultimately results in the theft of their cryptocurrency assets.
Related: Dark web hackers sell cryptocurrency accounts for as little as $30 each
Despite O’Connor’s antics from about three years ago, SIM-swapping attacks continue to be a serious problem in the cryptocurrency sector.
Earlier this month, blockchain researcher ZachXBT uncovered a group of scammers who spoofed the SIM cards of at least eight accounts belonging to well-known cryptocurrency figures, including Pudgy Penguins founder Cole Willemain, NFT DJ and collector Steve Aoki, and Bitcoin Magazine editor Pete Rizzo.
According to ZachXBT, the group stole almost $1 million by promoting phishing links from hacked accounts.