Joseph O’Connor, also known as PlugwalkJoe, received a five-year prison sentence for a SIM swap attack in April 2019.
The attack stole approximately $794,000 worth of cryptocurrencies from a crypto exchange executive. O’Connor was initially arrested in Spain in July 2021 and was extradited to the United States on April 26, 2023.
In May, he pleaded guilty to several crimes, including conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to hack computers.
The U.S. Attorney’s Office for the Southern District of New York announced the prison sentence on June 23. The court has also ordered O’Connor to serve three years of supervised release and to pay $794,012.64 in forfeiture.
During the SIM swap attack, O’Connor gained unauthorized access to the accounts and computer systems of the crypto exchange where the targeted executive worked by swapping their SIM cards.
They have not disclosed the identity of the compromised executive. O’Connor and his co-conspirators laundered the stolen cryptocurrency through various transfers and transactions, converting some of it into Bitcoin using cryptocurrency exchange services.
Ultimately, some of the stolen funds ended up in an account controlled by O’Connor. Additionally, O’Connor’s sentence includes charges related to the high-profile Twitter breach in July 2020.
In that incident, O’Connor and his group managed to earn nearly $120,000 in illegal cryptocurrency profits. They employed social engineering techniques and SIM swapping to compromise around 130 well-known Twitter accounts.
In some instances, they used compromised accounts to defraud other Twitter users or sold access to them. O’Connor also engaged in blackmail, threatening to expose private chats of a victim unless they promoted his online reputation.
He further harassed and targeted a victim through swatting attacks and threats. SIM swap attacks remain a significant concern. In such attacks, perpetrators associate a victim’s phone number with a SIM card they control, allowing them to hijack the victim’s phone number.
They can access accounts that utilize SMS-based two-factor authentication by redirecting calls and messages to their device. This tactic is commonly used to deceive followers of popular accounts into clicking phishing links that lead to cryptocurrency theft.
Despite O’Connor’s crimes occurring three years ago, SIM swap attacks continue to threaten the crypto industry. Recently, blockchain detective ZachXBT uncovered a group of scammers who targeted at least eight accounts belonging to prominent cryptocurrency figures, resulting in over $1 million in stolen funds. The scammers utilized the compromised accounts to promote phishing links.
