A 22 year-old resident of the United Kingdom has been indicted by the US Department of Justice (DOJ) for allegedly stealing $784,000 in cryptocurrency via SIM swapping.
Between March and May 2019, Joseph James O’Connor (aka PlugwalkJoe) and several unnamed co-conspirators allegedly carried out a SIM swapping scheme to gain access to three executives working at a cryptocurrency exchange.
The hacker duplicated the victims’ SIM cards – typically done through social engineering schemes or by bribing telecoms employees – to gain access to one-time passcodes used in multi-factor authentication (MFA) process.
“Following a successful SIM swap attack targeting one of the executives on or about April 30, 2019,” the accused “gained unauthorized access to multiple Company-1 accounts and computer systems,” the press release reads. They then allegedly stole various types of cryptocurrency from wallets the company maintained for two clients.
According to the DOJ, the stolen funds are worth at least $784,000 and include approximately 770.784869 Bitcoin cash, 6,363.490509 Litecoin, 407.396074 Ethereum and 7.456728 Bitcoin.
O’Connor and his accomplices allegedly laundered the stolen crypto through multiple transfers and transactions and exchanged some of it for Bitcoin. The perpetrators ultimately deposited a portion of the loot into a cryptocurrency exchange account allegedly controlled by O’Connor himself, the DOJ notes.
O’Connor faces multiple charges that can amount to decades in prison, but since the charges in the indictment are merely accusations at this point, the defendant is presumed innocent unless proven guilty.
O’Connor is also thought to be the figure behind a massive Twitter hack last year. He is allegedly involved in the hack of high-profile accounts like those of former US President Barack Obama and Tesla boss Elon Musk which ended with the theft of $120,000 worth of Bitcoin.