In July 2020, as the world scrolled through Twitter for the latest pandemic updates and celebrity musings, something extraordinary—and deeply troubling—unfolded on screens everywhere. Suddenly, the accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, and even Kim Kardashian began tweeting out a too-good-to-be-true offer: send Bitcoin to a listed address and receive double in return. It was framed as a charitable act or COVID-19 relief, but it was nothing of the sort. Within hours, thousands of people had fallen for the scam, and nearly $794,000 in cryptocurrency had vanished into digital wallets controlled by hackers.
The man at the center of it all? Joseph James O’Connor, a Liverpool-born hacker known online as “PlugwalkJoe.” According to Invezz, O’Connor, then just 23, was not a shadowy figure hiding behind lines of code in some far-off land. He was a social engineer—someone who could talk his way past digital defenses rather than break them with brute force.
O’Connor and his crew didn’t need sophisticated malware or zero-day exploits to pull off one of the most audacious cybercrimes in recent memory. As reported by ITV News, they simply phoned up a handful of Twitter employees, spun a convincing tale, and walked away with the login credentials to Twitter’s powerful internal tools. With access to the company’s admin dashboard, they could reset passwords, bypass two-factor authentication, and swap out email addresses tied to any account they fancied. In a matter of minutes, they took over more than 130 high-profile accounts—some of the most influential digital voices on the planet.
The fallout was immediate. Twitter scrambled to lock down its systems and regain control, but the damage was done. As Legaltech News confirmed, O’Connor’s hack exposed a glaring vulnerability: around 1,500 Twitter employees and partners had access to these internal controls, a fact that almost no one outside the company had realized before the breach.
But the July 2020 Twitter hack was only part of O’Connor’s digital crime spree. According to U.S. prosecutors cited by ITV News, O’Connor also engaged in SIM swapping—a technique where hackers take control of a victim’s phone number to hijack their accounts. In one such scheme, he and his associates stole the equivalent of about $794,000 from a Manhattan cryptocurrency company, laundering the funds through a web of transactions before some of the stolen crypto landed in O’Connor’s own accounts. He even communicated with accomplices about buying control of high-profile Twitter accounts, agreeing to pay $10,000 for one particularly coveted handle.
After the hack, O’Connor didn’t stay on the run for long. In July 2021, he was arrested in Spain and, after a lengthy extradition process, was sent to the United States. There, he pleaded guilty to computer intrusion, wire fraud, extortion, money laundering, and even cyberstalking, as detailed by Invezz and ITV News. By June 2023, he was sentenced to five years in federal prison—a rare and public reckoning for a hacker whose crimes had made headlines around the globe.
Yet, as it turns out, prison time wasn’t the end of O’Connor’s story. On November 17, 2025, British prosecutors announced a new chapter: O’Connor would have to pay back 42 Bitcoin and other crypto assets, worth about £4.1 million (approximately $5.4 million), according to multiple outlets including Legaltech News and ITV News. The UK’s Crown Prosecution Service (CPS) had secured a civil recovery order, and a court-appointed trustee would now sell off those assets. As Adrian Foster of the CPS Proceeds of Crime Division put it, “We were able to use the full force of the powers available to us to ensure that even when someone is not convicted in the UK, we are still able to ensure they do not benefit from their criminality.”
It’s a striking example of how international cooperation in cybercrime investigations has evolved. O’Connor wasn’t convicted in the UK—his crimes and punishment were handled entirely in the United States. But British authorities didn’t let that stop them. Using civil recovery powers, and in close collaboration with American and Spanish investigators, the UK was able to track and seize O’Connor’s crypto assets before he could move or hide them.
This case, one of the largest crypto-related seizures in UK cybercrime history, sends a clear message: it’s getting much harder for digital criminals to pull off multimillion-dollar scams and simply walk away. Law enforcement agencies are growing smarter, more interconnected, and far more aggressive in following the money—no matter where it travels or how many digital wallets it passes through.
For the victims—both the celebrities whose accounts were hijacked and the thousands of Twitter users who lost money—the story is a cautionary tale about trust and the ever-shifting landscape of online threats. Social engineering, after all, relies not on technical wizardry but on human psychology. O’Connor’s crew succeeded because they understood how to manipulate people, not just machines.
The Twitter hack also forced a reckoning within the tech industry. Companies that once believed their internal controls were ironclad had to admit that sometimes, the weakest link isn’t a line of code but a well-meaning employee on the other end of a phone call. In the months and years since, social media platforms have tightened access to internal tools, ramped up employee training, and invested in new security protocols. But as cybersecurity experts often warn, the arms race between hackers and defenders never truly ends—it just moves to new battlegrounds.
Meanwhile, the legal aftermath of the Twitter hack continues to ripple outward. The Crown Prosecution Service’s civil recovery order ensures that O’Connor won’t see a penny of his ill-gotten gains. The assets, once liquidated, will be beyond his reach—a tangible victory for authorities and a symbolic win for those who believe that crime shouldn’t pay, no matter how clever the scheme.
Ultimately, the saga of Joseph James O’Connor—PlugwalkJoe—serves as both a warning and a lesson. It’s a reminder that even the most powerful digital platforms can be vulnerable to old-fashioned tricks, that international borders are no refuge for cybercriminals, and that the pursuit of justice, though sometimes slow, is relentless. As digital currencies and online scams continue to evolve, so too do the tools and tactics of those determined to stop them.
The days when hackers could vanish with millions in cryptocurrency and live above the law are fading fast. Today, the message is clear: the world is watching, and sooner or later, the bill comes due.
