Explore how Twitter hacker Joseph O'Connor was sentenced to return £4 million worth of Bitcoin. Gain insights into identifying crypto scams, strengthening web3 security, and safeguarding yourself against fraud involving meme coins and Bitcoin by staying security-conscious.
The stolen cryptocurrencies were initially valued at about $794,000, but their worth has surged since then, resulting in a much higher restitution amount.
The British hacker behind one of Twitter’s most infamous security breaches has been ordered to surrender over £4 million ($5 million) in cryptocurrency after the value of his stolen assets skyrocketed during his imprisonment.
Joseph James O’Connor, 26, was imprisoned in the United States in 2023 for orchestrating the July 2020 Twitter hack that compromised the accounts of global figures, including Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian, and other world leaders, tech executives, and major brands.
By accessing Twitter’s internal administrative tools, O’Connor and his accomplices hijacked more than 130 accounts and posted tweets urging followers to send Bitcoin with promises of doubling their money. This classic “doubling scam” leveraged the trust placed in verified accounts of high-profile personalities.
Prosecutors reported that the group collected over $794,000 through the scam—a substantial sum that highlights both the massive scope of the attack and the vulnerability of social media platforms to sophisticated cyber threats.
This week, the UK Crown Prosecution Service confirmed it had secured a civil recovery order for 42.378 BTC, 235,329 ETH, 143,273.57 BUSD, and 15.23 USDC linked to O’Connor—now valued at about £4.1 million.
These assets, which were worth only a fraction of that amount at the time of the hack, will be liquidated by a court-appointed trustee. This legal action marks a significant effort by British authorities to recover illicit gains, even when the offender was prosecuted elsewhere.
O’Connor, now residing in Spain, did not attend the London hearing, but his mother stated he was willing to forfeit all remaining interests in the funds. This indirect cooperation enabled the confiscation process, even though the defendant wasn’t physically present in court.
O’Connor pleaded guilty in the United States to a lengthy list of offenses, including conspiracy to commit computer intrusion, wire fraud conspiracy, money laundering conspiracy, extortion, threatening communications, and harassment of a 16-year-old victim. These charges reflect not only the Twitter attack, but also a broader pattern of cybercriminal activity.
He was extradited from Spain and sentenced to five years in prison before being deported earlier this year. The international extradition and prosecution process demonstrates the growing cooperation among nations to combat transnational cybercrime.
The CPS previously obtained a Property Freezing Order during extradition proceedings to prevent the stolen crypto assets from being transferred. This preventive measure was crucial to ensure the digital assets did not disappear before the legal process concluded.
Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, stated that the case demonstrates authorities will pursue criminal proceeds even when convictions happen abroad. “We used the full strength of available powers to ensure that even when someone isn’t convicted in the UK, we can still guarantee they don’t profit from their crimes,” he said.
Bitcoin’s price rally has dramatically increased the value of O’Connor’s stolen holdings. At the current price—near $92,800, almost ten times higher than in mid-2020—the remaining assets have ballooned to over £4.1 million, according to prosecutors.
This phenomenon highlights a unique aspect of crypto crime: the value of stolen assets can change dramatically over time. In this case, Bitcoin’s appreciation during O’Connor’s imprisonment turned an initial theft under $1 million into a multi-million-dollar seizure.
The Twitter breach ranks among the largest social media security failures ever recorded. X, then Twitter, briefly blocked verified accounts as the scam spread to over 350 million users. The incident exposed critical vulnerabilities in the platform’s internal security systems and prompted a comprehensive review of administrative access protocols.
Investigators later found that two unwitting British associates opened crypto accounts used by O’Connor, but were not involved in the fraud. These individuals were used as intermediaries without their knowledge, underscoring the complexity of modern cybercrime operations.
This case comes amid growing concern over crypto-related cybercrime, with governments worldwide reporting rapid expansion of sophisticated digital extortion schemes. Law enforcement agencies have noted a sharp increase in crypto laundering.
Global Ledger data cited in court filings show hackers stole over $3 billion in 119 incidents during the first eight months of last year—already 1.5 times higher than the previous year’s total. This alarming figure reflects both the increasing sophistication of attackers and the rising value held in crypto platforms.
Meanwhile, international law enforcement actions continue. Last November, the US Department of Justice initiated efforts to seize over $15 million in USDT linked to North Korea’s APT38 hacking unit, which was tied to a series of major exchange breaches in previous years.
Europol also dismantled a cybercrime syndicate that created over 49 million fake online accounts—including fraudulent profiles on crypto platforms—using large-scale SIM farm infrastructure. This operation spotlighted the industrial scale some cybercrime networks have reached.
Despite increased global investigations, recent data suggests the industry is seeing short-term improvements in security. October of last year was the safest month for crypto platforms, with just $18.18 million lost to hacks—an 85% drop from September. This positive trend shows that enhanced security measures are starting to work, although experts warn the threat remains substantial.
FAQ
What specific fraud and social engineering techniques are used in this Bitcoin scam?
Scammers use social engineering via dating apps, creating fake profiles with fabricated success stories. They request transfers under the guise of lucrative investment opportunities and secret money-making tips, exploiting victims’ trust.
Through which channels were victims lured into the fake Musk/Obama Bitcoin scam?
Victims were mainly targeted through live streams(直播), where scammers used high-value prizes as bait. The scam involved impersonating Musk and Obama, enticing victims to join fraudulent giveaway activities.
How do hackers exploit celebrity identities (Musk and Obama) to commit large-scale fraud?
Hackers impersonated Musk and Obama on social media, deceiving users into transferring funds with false crypto promises. They employed advanced social engineering to build trust and execute coordinated mass scams.
How are stolen cryptocurrencies tracked? Can law enforcement recover these funds?
Stolen crypto is tracked using blockchain analysis and intelligence tools. The FBI and firms like Chainalysis have recovered billions in stolen funds. While tracking is complex, most criminals cannot permanently hide assets on the public chain.
How is the $5 million fine for the hacker calculated, and what additional legal consequences could follow?
The $5 million fine is based on cyber fraud and digital asset theft laws. The hacker could face criminal prosecution, extended imprisonment, asset forfeiture, restitution to victims, and a permanent criminal record.
How can ordinary investors identify and avoid similar crypto scams?
Conduct thorough research and rely on trusted communities to verify projects. Be cautious of unrealistic promises and suspicious links. Never share personal information. Use reputable platforms and stay informed about emerging crypto security threats.
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.
