Joseph O’Connor, aka PlugwalkJoe, was sentenced to 5 years in prison for SIM swapping a cryptocurrency exchange executive in April 2019, resulting in the theft of $794,000 in crypto.
Joseph O’Connor was extradited to the United States in April 2023 after spending two years in detention in Spain. He pleaded guilty to several counts of computer breaches and money laundering in May.
The five-year prison term for Joseph O’Connor was formally announced on June 23 by the Southern District of New York Office of the United States Attorney.
The identity of the hacked crypto executive remains a mystery, but O’Connor and his co-conspirators were successful in executing SIM swap attacks on three company executives between March and May 2019.
To avoid detection, O’Connor and his accomplices converted part of the stolen cryptocurrencies into bitcoin and transferred a portion of the money to an account he controlled at a cryptocurrency exchange.
Joseph O’Connor’s sentence was announced on June 23. After three years of supervised release, he will be sentenced to five more years in jail. He was also ordered to pay $794,012.64 in forfeiture.
In addition to the SIM swap attack, O’Connor pleaded guilty to multiple other crimes related to the major Twitter breach in July 2020. He and his team used social engineering and SIM swapping to hack over 130 prominent Twitter accounts, as well as accounts on TikTok and Snapchat. They then either sold access to these accounts or used them to commit fraud.
O’Connor’s crimes included blackmail, stalking, and swatting. He blackmailed a victim on Snapchat by threatening to release private messages publicly unless they promoted his online persona. He stalked and threatened another victim, and he orchestrated swatting attacks by falsely reporting emergencies to authorities or sending messages to the families of his victims, threatening to take their lives.
Although O’Connor’s crimes happened years ago, SIM swap attacks are still a major threat to the crypto sector. Even if two-factor authentication is set, these attacks provide thieves the ability to manage a victim’s phone number and get access to their accounts.