July 2020 breach led to hijacking of prominent Twitter (now known as X) accounts to promote a cryptocurrency scam
UK Twitter hacker to repay Bitcoin over Obama Twitter breach
British prosecutors have secured a civil recovery order against Joseph James O’Connor, requiring the 26-year-old to repay £4.1 million ($5.4 million) in Bitcoin and other crypto assets gained through his involvement in the infamous 2020 Twitter hack.
The cyberattack notably compromised the accounts of high-profile figures such as former US President Barack Obama, President Joe Biden (then the Democratic candidate), Tesla CEO Elon Musk, and several other celebrities and business leaders.
O’Connor, who was arrested in Spain in 2021 and later extradited to the United States, pleaded guilty to several charges—including computer intrusion, wire fraud, and extortion—and was sentenced to five years in prison in 2023.
The July 2020 breach led to the hijacking of prominent Twitter (now known as X) accounts to promote a cryptocurrency scam, which solicited digital currency and issued threats to celebrities.
Crypto Assets Set for Court-Ordered Liquidation
The Crown Prosecution Service (CPS) has confirmed that 42 Bitcoin — along with a range of additional crypto assets linked to the high-profile scam — will be seized and liquidated under the supervision of a court-appointed trustee. The civil recovery order, approved last week, builds on an earlier property-freezing order obtained during the suspect’s extradition proceedings.
Adrian Foster, chief crown prosecutor, stressed that UK authorities exercised the full extent of their powers to ensure the individual “does not benefit from their criminality,” even though the conviction was secured outside the UK. The move underscores the CPS’s increasingly aggressive stance toward reclaiming illicit crypto proceeds.
The 2020 breach prompted X (then known as Twitter) to impose temporary restrictions on all verified accounts, revealing significant gaps in the platform’s internal security systems. The unprecedented disruption forced the company to undertake a sweeping review of its cybersecurity protocols and crisis-response procedures.
