1. Home
  2. Twitter hack

Twitter hack

$794K SIM swap hacker PlugwalkJoe sentenced to five years in prison

The hacker managed to steal $794,000 worth of crypto from an exchange via a SIM swap attack on an exec, but ultimately he didn’t cover his tracks well.

British Hacker Joseph O’Connor, also known online as PlugwalkJoe, has been sentenced to five years in U.S. prison for his role in stealing $794,000 worth of cryptocurrency via a SIM swap attack on a crypto exchange executive back in April 2019.

O’Connor was initially arrested in Spain in July 2021 and was extradited to the U.S. on April 26, 2023. In May he pled guilty to a slew of charges relating to conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and conspiracy to commit money laundering, to name a few.

The prison sentence was highlighted in a June 23 statement from the U.S. Attorney's Office of the Southern District of New York.

“In addition to the prison term, O’Connor was sentenced to three years of supervised release. O’Connor was further ordered to pay $794,012.64 in forfeiture,” the statement reads.

The hacked crypto exec has not been named, however after SIM swapping them, O’Connor gained unauthorized access to accounts and computing systems belonging to the exchange that the exec worked at.

“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services.”

“Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” the statement adds.

O’Connor’s sentence also covers offenses relating to the major Twitter hack of July 2020, which ultimately fetched him and his crew around $120,000 worth of ill-gotten crypto gains.

The hackers deployed a series of “social engineering techniques” and SIM-swapping attacks to hijack around 130 prominent Twitter accounts, along with two large accounts on TikTok and Snapchat.

“In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others,” the statement reads.

As part of this scheme, O’Connor attempted to blackmail the Snapchat victim by threatening to publicly release private messages if they didn’t make posts promoting O’Connor’s online persona.

Additionally, O’Connor also “stalked and threatened” a victim, and “orchestrated a series of swatting attacks” on them by falsely reporting emergencies to authorities.

SIM swaps are still a big issue

A SIM swap attack involves a bad actor taking control of a victim’s phone number by linking it to another sim card controlled by them.

As a result, the bad actors can then re-route the victim’s calls and messages to a device controlled by them, and gain access to any accounts the victim uses SMS-based two-factor authentication on.

The scheme is generally used to dupe followers of prominent accounts into clicking phishing links that ultimately end up swiping their crypto assets.

Related: Darknet hackers are selling crypto accounts for as low as $30 a pop

Despite O’Connor’s antics occurring roughly three years ago, SIM swapping attacks continue to be a significant issue in the crypto sector.

Earlier this month blockchain sleuth ZachXBT identified a group of scammers that SIM-swapped at least eight accounts belonging to well-known figures in crypto, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki and Bitcoin Magazine editor Pete Rizzo.

According to ZachXBT, the group stole almost $1 million by promoting phishing links from the hacked accounts.

Magazine: ‘Moral responsibility’ — Can blockchain really improve trust in AI?

Tether pours $775M into video-sharing platform Rumble

400M Twitter users’ data is reportedly on sale in the black market

The private contact information of Ethereum co-founder Vitalik Buterin, shark tank host Kevin O'Leary and Mark Cuban are among those purportedly for sale.

400 million Twitter users’ data containing private emails and linked phone numbers have reportedly been up for sale on the black market.

Cybercrime intelligence firm Hudson Rock highlighted a “credible threat” via Twitter on Dec. 24 in which someone is supposedly selling a private database containing contact information of 400 million Twitter user accounts. 

“The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more,” Hudson Rock stated, before adding that:

“In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”

Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an “independent verification of the data itself appears to be legitimate.”

Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer there.

If found true, the breach could be a significant cause for concern for crypto Twitter users, particularly those who operate under a pseudonym.

However, some users have highlighted that such a large-scale breach is hard to believe, given that the current amount of active monthly users reportedly sits at around 450 million.

At the time of writing, the purported hacker still has a post up on Breached advertising the database to buyers. It also has a specific call to action for Elon Musk to pay $276 million to avoid having the data sold and face a fine from the General Data Protection Regulation agency.

If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”

Hacker's database ad: Breached

The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter in which an application programming interface vulnerability from Jun. 2021 was exploited before it was patched in January this year. The bug essentially allowed hackers to scrape private info which they then compiled into databases to sell on the dark web.

Related: Crypto Twitter confused by SBF’s $250M bail and a return to luxury

Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as much as 17 million users, according to a Nov. 27 report from Bleeping Computer.

The dangers of having such info leaked online include targeted phishing attempts via text and email, sim swap attacks to get ahold of accounts and the doxing of private information.

People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely, and also using a private, self-hosted crypto wallet.

Tether pours $775M into video-sharing platform Rumble

British Army’s Social Media Accounts Hacked to Promote Bitcoin Giveaways, Crypto Scams

British Army’s Social Media Accounts Hacked to Promote Bitcoin Giveaways, Crypto ScamsThe British Army’s official Youtube and Twitter accounts were compromised Sunday and hackers used them to promote crypto, including bitcoin and ether giveaway scams featuring Tesla CEO Elon Musk. British Army’s Social Media Accounts Used to Promote Bitcoin, Crypto, NFT Scams The British Army confirmed Sunday that its official Youtube and Twitter accounts were breached. […]

Tether pours $775M into video-sharing platform Rumble

Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account

Links posted to a fake Louis Vuitton non-fungible token (NFT) raffle were made to capitalize on a recent real collaboration between Beeple and the luxury fashion brand.

Digital artist and popular non-fungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday, May 22 as part of a phishing scam.

Harry Denley, a Security Analyst at MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were in fact a phishing scam that would drain the crypto out of users' wallets if clicked.

The scammers were likely looking to capitalize on a real recent collaboration between Beeple and Louis Vuitton. Earlier in May, Beeple designed 30 NFTs for the luxury fashion brand’s “Louis The Game” mobile game which were embedded as rewards to players.

The scammer continued to post phishing links from Beeple’s Twitter account leading to fake Beeple collections, luring in unsuspecting users with the promise of a free mint for unique NFTs.

The phishing links were up on Beeple’s Twitter for around five hours and on-chain analysis of one of the scammers' wallets shows the first phishing link scored them 36 Ethereum (ETH) worth roughly $73,000 at the time.

The second link netted the scammers around $365,000 worth of ETH and NFTs from high-value collections such as the Mutant Ape Yacht Club, VeeFriends, and Otherdeeds amongst others bringing the grand total value stolen from the scam to around $438,000.

On-chain data shows the scammer selling the NFTs on OpenSea and putting their stolen ETH into a crypto mixer in an attempt to launder the gains.

Beeple later tweeted that he had regained control of his account and added to remind his followers that “anything too good to be true IS A F*CKING SCAM.”

Related: Needed: A massive education project to fight hacks and scams

Beeple has created three of the top ten most expensive NFTs sold to date including one which sold for $69.3 million, the most expensive ever sold to a sole owner. This attention has made him a target for hacks.

In November 2021, an admin account on Beeple’s Discord was hacked with scammers there also promoting a similarly fake NFT drop which resulted in users losing around 38 ETH.

Earlier this month, cybersecurity firm Malwarebytes released a report which highlighted a rise in phishing attempts as scammers try to cash in on NFT hype. The firm noted the use of fraudulent websites depicted as legitimate platforms is the most common tactic used by scammers.

Tether pours $775M into video-sharing platform Rumble

ESPN’s baseball reporter’s Twitter account hacked by NFT scammers

The hackers hijacked the popular reporter’s account in an attempt to promote giveaways for the Skulltoons NFT project by duping users into clicking a malicious link.

In what ESPN Major League Baseball reporter Jeff Passan called the “biggest news day” of his life, scammers hijacked his Twitter account to promote an NFT giveaway.

With the MLB and the Players Association (MLBPA) engaged in a long-winded deadlock over a labor deal that resulted in canceled games, Passan had just broken news regarding an important agreement between the two parties concerning the international draft.

However, with eyeballs waiting on the next development from Passan, his account suddenly started promoting giveaways for the Skulltoons NFT project. His username was also changed to “Jeff.eth” while his profile picture depicted artwork from the NFTs and his bio read “NFT Enthusiast, MLB Insider, Father, Husband, Mod for @skulltoonsNFT, @Azukizen, @thugbirdz”

The tweets (which have since been deleted and salvaged via screenshots) noted that Passan had partnered with Skulltoons to giveaway 20 presale spots for an upcoming drop on March 20, and of course, people needed to click on a nefarious looking link to get a chance of winning.

Following reports of the hack circulating online, the team behind Skulltoons distanced themselves from the hacker’s posts as they warned the community to be wary of scams:

“Looks like Jeff Passan got hacked by someone trying to scam our community… We are not affiliated with Jeff in any capacity. We hope that he’s able to get his Twitter back ASAP.”

The hack didn’t last long, with ESPN reportedly moving fast to get Passan’s account back within two hours. To announce his return, Passan changed his Twitter background to a white image that simply read “I’m back,” in reference to the famous quote from NBA icon Michael Jordan when he came out of retirement to play for the Chicago Bulls for a second stint.

Related: Company auctions 1-of-1 Topps 1952 Mickey Mantle Card NFT in what may be the highest valued sports NFT to date

Hackers often attempt to hijack popular social media accounts in a bid to dupe followers into thinking they are seeing legitimate promotions from people they support. Cointelegraph reported in late January that dozens of YouTube accounts such as BitBoy Crypto, Altcoin Buzz, Box Mining, Floyd Mayweather, Ivan on Tech, and The Moon were hacked to promote crypto scams.

Tether pours $775M into video-sharing platform Rumble

Crypto exchange’s Twitter gets hacked by ‘disgruntled employee’

Latoken’s Twitter account started publishing accusations of scams and mistreating employees.

The Twitter account of the Russian crypto exchange Latoken seems to have been breached by a hacker who started posting allegations that the exchange is a scam. According to the posts, the exchange is promoting “scam IEOs” and misleading its customers. 

The profile picture of the account was also changed into a scam warning image, while the Twitter page’s bio was edited to “LATOKEN is the leading SCAM platform!” According to the hacker, the exchange treats employees unfairly and also fires employees for no reason.

The hacker has also accused the exchange of deliberately trying to “scam money out of projects” and promising 100%–500% growth without delivering. The hacker also called Valentin Preobrazhensky, the founder of Latoken, a “liar” and a “face seller.”

Apart from Latoken, the official Twitter of LADEX, the company’s decentralized exchange project was also compromised. The hacker posted a video of an online meeting showing the Latoken CEO screaming curses at someone in the call.

The hacker also highlighted Trust Pilot’s review on Latoken, which is only two out of five stars. However, a warning message in Trust Pilot says that the site detected misuse on Latoken’s page, stating that it has detected a number of fake reviews.

In response to the incident, Latoken’s official Telegram account published an update telling its users about the hack. The exchange said it believes the accusations to be the act of a “disgruntled employee” and that its team is in touch with Twitter support to fix the problem.

Related: Crypto.com breach may be worth up to $33M, suggests onchain analyst

Several crypto YouTube accounts have faced a series of hacks recently. Hackers posted videos that instructed viewers to send money to the hacker’s wallet using the accounts of famous personalities such as BitBoy Crypto, Box Mining, Ivan on Tech and even boxing superstar Floyd Mayweather Jr. Luckily, many of the account owners were able to detect and remove the videos within minutes.

Back in 2020, a similar hack compromised the Twitter accounts of prominent individuals. The official accounts of Elon Musk, Kanye West, Bill Gates and others were hacked by a Bitcoin (BTC) thief who published posts claiming to double any crypto amount sent to a certain wallet address.

Tether pours $775M into video-sharing platform Rumble