A British man responsible for a high-profile 2020 hack of Twitter, now known as X, has been ordered to pay back 4.1 million British Pounds ($5.37 million USD) in cryptocurrency. Joseph James O'Connor, 26, is currently serving a five-year prison sentence in the United States after pleading guilty to multiple charges including computer intrusion and wire fraud.

The cyber attack in July 2020 affected the accounts of numerous public figures, including then-presidential candidate Joe Biden, former President Barack Obama, and Tesla CEO Elon Musk. Other notable victims included Bill Gates, Warren Buffett, and Kim Kardashian.

Details of the Attack

The hackers used social engineering techniques to get access to Twitter's internal administrative tools. This allowed them to take control of the verified accounts and post fraudulent tweets soliciting cryptocurrency.

The deceptive messages typically promised to double any Bitcoin sent to a specific digital wallet, leading to O'Connor and his co-conspirators stealing cryptocurrency which was then worth $794,000 through the scheme. The value in real world cash has rocketed since 2020, hence the much higher sum in the court order. The widespread breach prompted Twitter to temporarily restrict activity for all verified accounts to contain the situation.

Asset Recovery

Britain's Crown Prosecution Service (CPS) announced it had successfully pursued a civil order to recover 42 Bitcoin along with other cryptocurrencies tied to the scheme. The order was made possible following a property freezing order that was secured during O'Connor's extradition proceedings after his 2021 arrest in Spain. (Source: sky.com)

Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, said the action makes sure criminals do not benefit from their illegal activities, even if convicted outside the UK. The seized assets are set to be converted into cash by a court-appointed trustee. (Source: bbc.co.uk)

What's Your Opinion?

Do you believe the five-year sentence and forfeiture of assets is a sufficient penalty for such a widespread security breach? How can social media companies better protect high-profile accounts from sophisticated social engineering attacks? Should the victims of the cryptocurrency scam be the first to receive restitution from the liquidated assets?