A British hacker, Joseph O’Connor, aka the PlugwalkJoe, was sentenced to five years in prison in the United States for stealing $794,000 worth of crypto through a SIM swapping attack.
The case of SIM swapping attack
O’Connor was originally arrested in Spain in July 2021 for his involvement in a SIM card swapping attack on a crypto exchange executive in 2019. He was later extradited to the United States on April 26, 2023. In May, he pleaded guilty to several counts. , including conspiracy to commit computer intrusion, wire fraud and money laundering.
The identity of the hacked crypto executive has not been disclosed. Between March and May 2019, O’Connor and his co-conspirators successfully executed SIM card swapping attacks against three corporate executives. By gaining unauthorized access to multiple accounts and computer systems, they could steal and hijack cryptocurrency worth around $794,000 at the time, now valued at over $1.6 million. .
After the theft, O’Connor and his co-conspirators laundered the stolen cryptocurrency through various transfers and transactions, exchanging some for bitcoin using cryptocurrency exchange services. Some of the stolen cryptocurrency was deposited into a crypto exchange account controlled by O’Connor.
The prison sentence was announced in a June 23 statement by the United States Attorney’s Office for the Southern District of New York, which also said O’Connor would be subject to three years of probation. He was ordered to pay $794,012.64 in forfeiture.
O’Connor’s additional crimes and charges
In addition to the SIM card swapping attack, O’Connor pleaded guilty to several other crimes related to the major Twitter hack in July 2020. O’Connor and his team hacked approximately 130 Twitter accounts and prominent accounts on TikTok and Snapchat, using social engineering techniques. and SIM swapping attacks. They used these important and compromised accounts to defraud other Twitter users or sell access to them.
O’Connor’s charges include blackmail. He blackmailed a victim on Snapchat by threatening to post private messages unless they promoted O’Connor’s character online. He stalked and threatened another victim and orchestrated run-over attacks by falsely reporting emergencies to authorities or sending messages to the families of his victims, threatening to take their lives.
Although O’Connor’s crimes happened years ago, SIM card swapping attacks are still a problem in the crypto industry. These attacks involve taking control of a victim’s phone number by linking it to another SIM card controlled by the attacker, allowing them to redirect calls and messages and access accounts that use authentication. two-factor (2FA) by SMS.