A British man has been arrested in Spain in connection with the July 2020 hack of Twitter that resulted in more than 130 accounts belonging to celebrities scamming their followers out of Bitcoin.
Following the incident, Twitter confirmed that a co-ordinated social engineering attack had allowed criminals to post tweets from celebs’ accounts offering to send $2,000 for every $1,000 sent to a Bitcoin address.
Joseph O’Connor, 22, who was known online by the handle PlugWalkJoe and previously gave interviews to the media regarding the incident, was arrested on Wednesday in Estepona, Spain, by Spanish National Police at the request of the FBI.
O’Connor is also accused of hijacking accounts on other social media platforms, including TikTok and Snapchat, as well as cyberstalking a juvenile victim.
Twitter confirmed that 130 accounts were targeted by the criminals during the July 2020 hack, with 45 being used to send tweets. The criminals also accessed the DM inboxes of 36 users and downloaded the Twitter data of seven.
Scam messages were posted by accounts belonging to Barack Obama, Jeff Bezos, Kim Kardashian, Kanye West and Bill Gates, among others.
According to the Department of Justice, the criminals’ Bitcoin address received more than 400 transfers worth more than $117,000 (£90,000). Of course, no money was sent back.
O’Connor is the second Briton to be arrested in connection with the incident, alongside Bognor Regis teenager Mason Sheppard who was accused of involvement last August.
The amateur quality of the scam surprised onlookers compared to how effective the attackers had been at gaining access to their targets’ accounts.
Similar scam messages regarding cryptocurrency give-aways reached epidemic levels on Twitter in 2018, when a Sky News investigation found accounts impersonating Elon Musk to be stealing thousands of pounds a day – but these were always posted from fake accounts.