Hacker “PlugwalkJoe” Sentenced to 5 Years for $794K SIM Swap Attack on Crypto Exchange Executive
Joseph O’Connor, a British hacker known as PlugwalkJoe, has received a five-year prison sentence in the United States for orchestrating a SIM swap attack that resulted in the theft of $794,000 worth of cryptocurrency from a crypto exchange executive in April 2019.
After being arrested in Spain in July 2021, O’Connor was extradited to the U.S. on April 26, 2023. He pleaded guilty to various charges, including conspiracy to commit computer intrusions, wire fraud, and money laundering.
The hacking operation involved utilizing social engineering techniques and SIM swapping attacks to gain control over approximately 130 prominent Twitter accounts, along with two accounts on TikTok and Snapchat. The co-conspirators either took control of the accounts themselves or sold access to others.
One of the victims, targeted on Snapchat, was blackmailed by O’Connor, who threatened to release private messages unless they promoted his online persona through their posts. O’Connor also engaged in stalking, threats, and orchestrated swatting attacks on another victim by falsely reporting emergencies to authorities.
SIM swap attacks remain a significant concern within the crypto industry. In such attacks, perpetrators seize control of a victim’s phone number by linking it to a SIM card they control. This allows them to redirect calls and messages, thereby gaining access to accounts that rely on SMS-based two-factor authentication.
While O’Connor’s crimes took place several years ago, SIM swap attacks continue to plague the crypto sector. Recently, a group of scammers targeted prominent figures in the industry, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki, and Bitcoin Magazine editor Pete Rizzo, through SIM swapping. The group managed to steal nearly $1 million by promoting phishing links through the compromised accounts.
Despite efforts to combat such attacks, the persistence of SIM swapping highlights the ongoing need for heightened security measures within the cryptocurrency community.