A British hacker, who amassed millions by hijacking social media accounts of billionaires and US presidents in an audacious scheme, has been ordered by a court to relinquish a significant sum of money.
Joseph James O’Connor, known as PlugwalkJoe in the hacking community, was involved in one of the most significant cyber attacks in recent history. He impersonated prominent figures such as Elon Musk, Barack Obama, and Joe Biden to deceive people into giving away their money.
In 2023, O’Connor, 26, was sentenced to five years in prison in the US after he pleaded guilty to charges of computer intrusion, wire fraud, and extortion.
The large-scale hack of high-profile social media accounts occurred in 2020, with hackers masquerading as celebrities like Kim Kardashian and Bill Gates.
“Everyone is asking me to give back. You send $1,000, I send you back $2,000,” a hacker posted from Gates’ account.
The scammers managed to collect millions from individuals who saw these posts, which encouraged them to transfer their funds into cryptocurrency wallets, aiming to obscure the money trail.
O’Connor, a British national, was taken into custody in Spain in 2021 and was later extradited when the High Court in Spain determined that most of his criminal activities and victims were based in the US.
In the Southern District of New York, he was subsequently ordered to return $800,000.
A court in the UK has now mandated that O’Connor repay £4.1 million ($5.4 million) of his unlawfully obtained earnings. Authorities have also been given permission through a civil forfeiture motion to seize his assets, including 42 bitcoins valued at approximately $4 million.
British prosecutor Adrian Foster hailed the seizure as an achievement.
“Joseph James O’Connor targeted well-known individuals and used their accounts to scam people out of their crypto assets and money,” he stated.
He also issued a caution to cyber criminals: “Even when someone is not convicted in the UK, we are still able to ensure they do not benefit from their criminality.”
Three other individuals have been apprehended in connection with the hacking of high-profile social media accounts. Hackers managed to access the back-end of X by posing convincingly to X employees over the phone, persuading them to divulge their log-in information, which allowed them control over some internal systems. In court, it was revealed that 130 accounts were compromised, with scams posted from 45 of them.
Before the deceptive posts were removed, they were viewed by over 350 million users, leading to thousands falling victim to the scam.