A British hacker known as Joseph O’Connor also referred to as the PlugwalkJoe, has been sentenced to five years in a U.S. prison for engaging in a SIM swap attack and stealing crypto valued at $794,000.
The SIM swap attack involved O’Connor and his accomplices targeting a cryptocurrency exchange executive in 2019. O’Connor was initially apprehended in Spain in July 2021 and subsequently extradited to the United States on April 26, 2023. In May, he pleaded guilty to multiple charges, including conspiracy to commit computer intrusions, wire fraud, and money laundering.
The specific identity of the crypto executive who fell victim to the SIM swap attack has not been disclosed. During the period between March and May 2019, O’Connor and his associates successfully executed SIM swap attacks on three executives within the company. By gaining unauthorized access to various accounts and computer systems, they were able to steal and divert approximately $794,000 worth of cryptocurrency at the time, which is now valued at over $1.6 million.
Following the theft, O’Connor and his accomplices laundered the stolen cryptocurrency through a series of transfers and transactions, converting some of it into bitcoin using cryptocurrency exchange services. A portion of the stolen cryptocurrency was deposited into a crypto exchange account under O’Connor’s control.
The sentence was announced on June 23 by the United States Attorney’s Office for the Southern District of New York. In addition to the prison term, O’Connor will also face three years of supervised release. Furthermore, he has been ordered to forfeit $794,012.64.
In addition to the SIM swap attack, O’Connor has pleaded guilty to various other crimes related to the high-profile Twitter hack in July 2020. O’Connor and his group targeted approximately 130 prominent Twitter accounts, as well as accounts on TikTok and Snapchat, using social engineering techniques and SIM swap attacks. They utilized these compromised accounts to defraud other Twitter users or sell access to them.
O’Connor’s charges include blackmail, where he coerced a victim on Snapchat by threatening to publicly expose private messages unless they promoted O’Connor’s online persona. He also engaged in stalking and threats against another victim, as well as orchestrated swatting attacks by falsely reporting emergencies to authorities or sending threatening messages to his victims’ families.
Despite the occurrence of O’Connor’s crimes several years ago, SIM swap attacks continue to pose a significant concern in the cryptocurrency sector. These attacks involve gaining control of a victim’s phone number by associating it with another SIM card controlled by the attacker. This enables them to reroute calls and messages, granting access to accounts that utilize SMS-based two-factor authentication (2FA).