Joseph O’Connor, known as PlugwalkJoe, has been sentenced to five years in a U.S. prison for his involvement in a SIM swap attack that resulted in the theft of $794,000 worth of cryptocurrency from a crypto exchange executive back in April 2019.
O’Connor was initially arrested in Spain in July 2021 and extradited to the United States on April 26, 2023. In May, he pleaded guilty to multiple charges, including conspiracy to commit computer intrusions, wire fraud, and money laundering.
The sentencing was announced in a statement by the U.S. Attorney’s Office of the Southern District of New York on June 23. In addition to the prison term, O’Connor has been ordered to serve three years of supervised release and pay $794,012.64 in forfeiture.
The targeted executive’s name has not been disclosed, but O’Connor gained unauthorized access to the exchange accounts and computing systems after performing the SIM swap. Alongside his co-conspirators, O’Connor laundered the stolen cryptocurrency through various transfers and transactions, converting some of it into Bitcoin using cryptocurrency exchange services. A portion of the stolen funds was ultimately deposited into a cryptocurrency exchange account controlled by O’Connor.
O’Connor’s sentence also encompasses his involvement in the major Twitter hack of July 2020, where he and his crew obtained around $120,000 worth of ill-gotten crypto assets. The hackers employed social engineering techniques and SIM-swapping attacks to take over approximately 130 prominent Twitter accounts, as well as two large accounts on TikTok and Snapchat. They either used the compromised accounts to defraud others or sold access to them.
O’Connor Engaged in Other Malicious Activities
In addition to the Twitter hack, O’Connor engaged in further malicious activities, including attempting to blackmail a victim on Snapchat and orchestrating swatting attacks by falsely reporting emergencies to authorities.
SIM swap attacks remain a significant issue in the cryptocurrency sector. These attacks involve a malicious actor taking control of a victim’s phone number and redirecting calls and messages to a device they control, thereby gaining access to accounts protected by SMS-based two-factor authentication.
Despite the passage of three years since O’Connor’s actions, SIM swapping continues to be a prevalent threat in the crypto industry. Recent incidents have highlighted the susceptibility of well-known figures in the crypto space to SIM swap attacks, resulting in the theft of substantial amounts of cryptocurrency.
