The US Department of Justice has indicted a suspected Twitter hacker known as ‘PlugWalkJoe’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks.
SIM swap attacks are when threat actors take control of targets’ phone numbers by porting them to their own device’s SIM card. These attacks are commonly made by performing social engineering and pretending to be the target, hacking into mobile carriers’ systems, or bribing employees.
Once they perform the SIM swap, the attackers will receive victims’ messages and calls which allows bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, as well taking over the victims’ online service accounts.
In the indictment unsealed today in the Southern District of New York, the DOJ claims that Joseph O’Connor, a/k/a “PlugwalkJoe,” and co-conspirators used SIM swaps to gain access to accounts for a Manhattan-based cryptocurrency company.
Using this access, the alleged hackers stole $784,000 Bitcoin Cash, Litecoin, Ethereum, and Bitcoin from wallets managed by the company on behalf of clients.
“Between approximately March 2019 and May 2019, JOSEPH JAMES O’CONNOR, a/k/a “PlugwalkJoe,” the defendant, and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions in order to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company (“Company-1”), which, at all relevant times, provided wallet infrastructure and related software to cryptocurrency exchanges around the world, ” reads the unsealed indictment.
The stolen cryptocurrency includes 770.784869 Bitcoin cash, approximately 6,363.490509 Litecoin, approximately 407.396074 Ethereum, and about 7.456728 Bitcoin.
The suspect is charged under this new indictment with conspiracy to commit computer hacking, conspiracy to commit wire fraud, aggravated identity theft, conspiracy to commit money laundering,
O’Connor was previously indicted for his alleged involvement in a massive July 2020 Twitter hack that allowed threat actors to hijack accounts and promote cryptocurrency scams that stole over $120,000 worth of Bitcoin.
Some of the 130 high-profile accounts used in the attack included politicians, celebrities, tech executives (@JeffBezos, @BarackObama, @elon_musk, @kanyewest, @JoeBiden, @BillGates, and @WarrenBuffet) and companies (@Apple, @Uber, @coinbase, @Gemini, @binance).
The US government is pursuing the extradition of O’Connor, who is currently in custody in Spain.