British Hacker Joseph O’Connor, known as PlugwalkJoe in the online community, has been sentenced to five years in a United States prison for his involvement in a SIM swap attack that resulted in the theft of $794,000 worth of cryptocurrency from a crypto exchange executive in April 2019.
O’Connor was apprehended in Spain in July 2021 and subsequently extradited to the United States on April 26, 2023. In May, he pleaded guilty to multiple charges, including conspiracy to commit computer intrusions, wire fraud, and money laundering.
The U.S. Attorney’s Office for the Southern District of New York announced the prison sentence in a statement released on June 23.
“Along with the prison term, O’Connor has been sentenced to three years of supervised release. He has also been ordered to forfeit $794,012.64,” the statement disclosed.
Although the crypto executive who fell victim to the SIM swap attack was not named, O’Connor gained unauthorized access to accounts and computer systems associated with the exchange where the executive worked.
Following the theft, O’Connor and his co-conspirators laundered the stolen cryptocurrency through numerous transfers and transactions, converting some of it into Bitcoin using cryptocurrency exchange services.
“In the end, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” the statement added.
O’Connor’s sentence also encompasses his involvement in the major Twitter hack that occurred in July 2020. During the attack, O’Connor and his accomplices employed social engineering techniques and SIM swap attacks to hijack approximately 130 high-profile Twitter accounts, as well as two prominent accounts on TikTok and Snapchat.
“In certain instances, the co-conspirators assumed control of the compromised accounts and used that control to orchestrate a fraudulent scheme targeting other Twitter users. In other cases, they sold access to the compromised Twitter accounts,” the statement explained.
As part of this scheme, O’Connor attempted to extort the Snapchat victim by threatening to publicly release private messages unless they made posts promoting O’Connor’s online persona.
Furthermore, O’Connor engaged in stalking and threats towards one of his victims, going so far as to orchestrate a series of swatting attacks. Swatting involves making false reports to emergency services in order to provoke a response from law enforcement.
The sentencing of Joseph O’Connor serves as a stern reminder that cybercriminals will be held accountable for their actions. The severity of the sentence reflects the significant financial and personal harm caused by these types of attacks. It also highlights the importance of robust security measures to safeguard digital assets and protect against SIM swap attacks, which can have devastating consequences for individuals and organizations in the cryptocurrency industry.