This comprehensive guide explores the 2020 Twitter hack involving prominent figures like Elon Musk and Joe Biden, where hackers stole approximately $794,000 in Bitcoin through fraudulent cryptocurrency scams. The article details how authorities seized over £4 million in digital assets from convicted British hacker Joseph O'Connor, including 42.378 Bitcoin and significant Ethereum holdings. It examines Bitcoin's dramatic price appreciation from 2020 levels to current valuations near $92,800, demonstrating how cryptocurrency volatility amplifies stolen asset values over time. The guide emphasizes critical security vulnerabilities in the crypto ecosystem and provides practical strategies for investors to identify and prevent celebrity impersonation scams. Additionally, it highlights how to safely purchase cryptocurrencies on secure platforms like Gate while protecting private keys and verifying official channels before investing.
The British hacker responsible for orchestrating one of the most notorious social media security breaches in history has been ordered to surrender more than £4 million ($5 million) in cryptocurrency assets. Joseph James O'Connor, 26, was sentenced in the United States in 2023 for his central role in the July 2020 Twitter attack that compromised the accounts of prominent global figures, including former President Barack Obama, current President Joe Biden, tech entrepreneur Elon Musk, Amazon founder Jeff Bezos, and celebrity Kim Kardashian, among numerous other world leaders, technology executives, and major corporate brands.
The sophisticated attack involved gaining unauthorized access to Twitter's internal administrative tools, which allowed O'Connor and his accomplices to hijack more than 130 verified accounts. The compromised accounts were then used to broadcast fraudulent tweets urging followers to send Bitcoin to specific wallet addresses, with false promises of receiving double the amount in return. This classic cryptocurrency scam, executed at an unprecedented scale on one of the world's largest social media platforms, resulted in the group collecting approximately $794,000 in Bitcoin from unsuspecting victims.
Recently, the UK's Crown Prosecution Service confirmed that it had successfully secured a civil recovery order targeting a substantial portfolio of digital assets linked to O'Connor. The seized cryptocurrency holdings include 42.378 Bitcoin (BTC), 235.329 Ethereum (ETH), 143,273.57 Binance USD (BUSD), and 15.23 USD Coin (USDC), with a combined current market value of approximately £4.1 million. The dramatic increase in value from the original $794,000 theft demonstrates how the cryptocurrency market's volatility can significantly impact both criminal proceeds and law enforcement recovery efforts.
The confiscated assets will be liquidated through a court-appointed trustee, with the proceeds likely to be distributed according to UK civil recovery procedures. O'Connor, who currently resides in Spain following his deportation from the United States in early 2026, did not participate in the London court hearing. However, his mother appeared on his behalf and indicated that he was willing to forfeit all remaining interest in the seized funds, effectively accepting the civil recovery order without contest.
O'Connor's criminal case in the United States was extensive, with the hacker pleading guilty to a comprehensive list of federal offenses. These charges included computer intrusion conspiracies, wire fraud conspiracy, money laundering conspiracy, extortion, making threatening communications, and cyberstalking a 16-year-old victim. He was extradited from Spain to face justice in US federal court and ultimately received a five-year prison sentence before being deported back to Europe.
The UK's Crown Prosecution Service had proactively obtained a Property Freezing Order during the extradition proceedings to prevent O'Connor from moving or disposing of the cryptocurrency assets. This legal mechanism proved crucial in preserving the digital assets for eventual recovery, despite the jurisdictional complexities of the case spanning multiple countries.
Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, emphasized that this case demonstrates law enforcement's commitment to pursuing criminal profits regardless of where convictions occur. "We were able to use the full force of the powers available to us to ensure that even when someone is not convicted in the UK, we are still able to ensure they do not benefit from their criminality," Foster stated, highlighting the international cooperation and legal frameworks that enable cross-border asset recovery in cryptocurrency cases.
The substantial increase in the value of O'Connor's stolen cryptocurrency holdings can be directly attributed to Bitcoin's remarkable price appreciation over the past several years. At the current market price hovering near $92,800 per Bitcoin, the value of the digital assets is almost ten times higher than it was during the mid-2020 period when the Twitter hack occurred. This dramatic price surge has caused the remaining assets in O'Connor's possession to balloon to more than £4.1 million, according to prosecutors' calculations.
The initial cryptocurrency theft netted approximately $794,000 at 2020 prices, but the subsequent bull market in digital assets transformed this sum into a multi-million-pound fortune. This phenomenon illustrates a unique challenge in cryptocurrency-related criminal cases: the value of stolen assets can fluctuate dramatically between the time of the crime and the eventual recovery or sentencing, creating complex questions about appropriate restitution amounts and the calculation of criminal proceeds.
The July 2020 Twitter breach stands as one of the most significant social media security failures ever recorded in the industry's history. The platform, then known as Twitter before its rebranding, was forced to take the extraordinary measure of temporarily locking down all verified accounts as the cryptocurrency scam rapidly spread across the network, potentially reaching more than 350 million users worldwide. The incident exposed critical vulnerabilities in the platform's internal security systems and administrative access controls.
Subsequent investigations revealed that two British associates had unwittingly opened cryptocurrency exchange accounts that were later used by O'Connor to facilitate the fraud, but these individuals were determined not to have been involved in the actual criminal scheme. This finding highlighted how cybercriminals often exploit legitimate intermediaries and services to obscure the trail of their illicit activities.
The case has arrived during a period of significantly heightened concern over cryptocurrency-related cybercrime, with governments and regulatory bodies worldwide reporting rapid growth in sophisticated digital extortion schemes, ransomware attacks, and exchange breaches. Law enforcement agencies across multiple jurisdictions have documented a sharp rise in cryptocurrency laundering activities, as criminals increasingly leverage the pseudonymous nature of blockchain transactions to obscure the origins of illicit funds.
According to Global Ledger data cited in court filings, hackers successfully stole more than $3 billion in cryptocurrency across 119 separate security incidents during just the first eight months of 2025. This staggering figure already surpassed the total losses recorded for the entire year of 2024 by a factor of 1.5 times, demonstrating the escalating scale and sophistication of crypto-related cyberattacks.
Meanwhile, separate enforcement actions continue to unfold across international jurisdictions. In November of the previous year, the United States Department of Justice launched efforts to seize more than $15 million in Tether (USDT) tied to North Korea's APT38 hacking unit, a state-sponsored cybercrime group connected to a series of major cryptocurrency exchange breaches that occurred throughout 2023. These cases illustrate the growing involvement of nation-state actors in cryptocurrency theft operations.
Europol, the European Union's law enforcement agency, also successfully dismantled a sophisticated cybercrime syndicate responsible for creating more than 49 million fake online accounts, including fraudulent profiles on cryptocurrency platforms and exchanges. This massive operation utilized large-scale SIM-farm infrastructure to generate seemingly legitimate user identities that could be used for money laundering, fraud, and other illicit activities within the crypto ecosystem.
Despite the rising number of global investigations and the increasing sophistication of attacks, recent data suggests that the cryptocurrency industry may be experiencing short-term improvements in security practices and incident response capabilities. October 2025 was recorded as the safest month of the year for cryptocurrency platforms, with only $18.18 million lost to hacking incidents, representing an 85% decrease from the losses recorded in September. This improvement may reflect enhanced security measures, better incident detection systems, and increased industry awareness following high-profile breaches like the Twitter hack orchestrated by O'Connor.
FAQ
How did this Bitcoin scam happen specifically? How did hackers impersonate Musk and Obama to commit fraud?
Hackers compromised Twitter accounts of public figures like Musk and Obama, posting fraudulent messages promising to match or triple Bitcoin sent to their wallets. Victims transferred Bitcoin to hacker-controlled addresses in this long-running scheme.
How many people became victims of this scam? What is the total amount of stolen cryptocurrency?
Over 50,000 people fell victim to this fraud scheme, with total stolen cryptocurrency reaching $560 million. The median loss per victim was approximately $8,000.
Why does the hacker face a five million dollar fine? What is the legal basis for this penalty?
The hacker faces a five million dollar fine due to financial fraud resulting from data breach. This penalty is based on the Gramm-Leach-Bliley Act (GLBA) regulations, which protects consumer financial information and mandates substantial penalties for violations involving unauthorized access to sensitive data.
How much is the stolen cryptocurrency worth now? Why does it grow over time?
The stolen crypto's value fluctuates based on market price movements. As Bitcoin and major cryptocurrencies appreciate due to increased adoption, institutional interest, and limited supply, holdings automatically gain value. The hacker's stash grows with overall crypto market expansion.
How can ordinary investors identify and prevent celebrity impersonation cryptocurrency scams?
Verify official channels directly, check security badges and verification marks, avoid unsolicited investment offers, research project teams thoroughly, use hardware wallets, and never share private keys. Be cautious of guaranteed returns promises and always confirm through official websites before investing.
What security vulnerabilities and risks does this case reflect in the cryptocurrency field?
This case reveals critical vulnerabilities including smart contract flaws, centralized exchange weaknesses, and inadequate security measures. Hackers exploit compromised accounts and protocol gaps to steal digital assets. Key risks include poor access controls, insufficient transaction verification, and the concentration of assets in vulnerable systems.
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.
