Posted inNews

$794K SIM swap hacker PlugwalkJoe sentenced to five years in prison

June 25, 2023No Comments


British Hacker Joseph O'Connor, also known online as PlugwalkJoe, has been sentenced to five years in prison in the US for his role in stealing $794,000 worth of cryptocurrency via a SIM swapping attack on a crypto exchange executive in April 2019.

O'Connor was initially arrested in Spain in July 2021 and was extradited to the US on April 26, 2023. In May, he pleaded guilty to a series of charges related to conspiracy to commit computer intrusions, conspiracy to commit fraud electronic mail and conspiracy to commit money laundering, to name a few.

The prison sentence was highlighted in a June 23 statement from the US Attorney's Office for the Southern District of New York.

โ€œIn addition to the prison sentence, O'Connor was sentenced to three years of supervised release. O'Connor was further ordered to pay $794,012.64 in forfeiture," the statement read.

The hacked crypto executive has not been named, however, after trading them with SIMs, O'Connor gained unauthorized access to accounts and computer systems belonging to the exchange the executive worked on.

"After fraudulently stealing and diverting the stolen cryptocurrency, O'Connor and his accomplices laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services."

"Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O'Connor," the statement added.

O'Connor's sentence also covers crimes related to the big Twitter hack of July 2020, which ultimately netted him and his team around $120,000 in ill-gotten crypto profit.

The hackers deployed a series of "social engineering techniques" and SIM swapping attacks to hijack around 130 prominent Twitter accounts, along with two large accounts on TikTok and Snapchat.

โ€œIn some cases, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other cases, co-conspirators sold access to Twitter accounts to others," the statement read.

As part of this scheme, O'Connor attempted to blackmail the Snapchat victim by threatening to post private messages if they did not make posts promoting O'Connor's online personality.

In addition, O'Connor also "stalked and threatened" a victim and "orchestrated a series of swatting attacks" against her by falsely reporting emergencies to authorities.

SIM swaps are still a big problem

A SIM swapping attack involves a bad actor taking control of a victim's phone number by linking it to another SIM card controlled by them.

As a result, criminals can redirect the victim's calls and messages to a device they control and gain access to any account the victim uses. SMS-based two-factor authentication in.

The scheme is typically used to trick followers of prominent accounts into clicking phishing links that ultimately end up stealing their crypto assets.

Related: Darknet Hackers Are Selling Crypto Accounts For As Little As $30 Each

Despite O'Connor's antics that occurred about three years ago, SIM swapping attacks continue to be a major problem in the cryptocurrency sector.

Earlier this month, blockchain detective ZachXBT identified a group of scammers that SIM-swapped at least eight accounts belonging to well-known figures in crypto, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki, and Bitcoin Magazine editor Pete Rizzo.

According to ZachXBT, the group stole nearly $1 million by promoting phishing links from the hacked accounts.

Magazine: 'Moral Responsibility': Can Blockchain Really Improve Trust in AI?