Hacker Behind Musk & Obama Bitcoin Scam Faces Staggering $5M Bill as Stolen Crypto Soars

A British hacker responsible for one of the most notorious Twitter breaches in recent history, impacting the accounts of global figures like Elon Musk and Barack Obama, is now facing a substantial $5 million bill. The demand comes as the value of his ill-gotten cryptocurrency has significantly appreciated since the 2020 scam, leading to a massive forfeiture order.

The 2020 Twitter Hack and Its Architect

In July 2020, the digital world watched as a widespread cryptocurrency scam unfolded on Twitter, then known as X. High-profile accounts belonging to former US President Barack Obama, current President Joe Biden, Tesla CEO Elon Musk, Amazon founder Jeff Bezos, media personality Kim Kardashian, and other notable figures were compromised. The perpetrator, Joseph James O’Connor, also known by his online alias “PlugwalkJoe,” along with accomplices, gained unauthorized access to Twitter’s internal administrative tools through social engineering tactics. They then used these hijacked accounts to post fraudulent tweets, urging followers to send Bitcoin to a specific address with the false promise of receiving double the amount in return.

The scam initially netted the hackers approximately $794,000 in cryptocurrency, a figure that also encompassed funds stolen through a separate SIM-swapping scheme targeting a Manhattan-based cryptocurrency company. O’Connor, a British national, was arrested in Spain in 2021 and subsequently extradited to the United States in April 2023. He pleaded guilty to a range of charges, including computer intrusion conspiracies, wire fraud conspiracy, money laundering conspiracy, extortion, threatening communications, and stalking. In 2023, he was sentenced to five years in a US prison.

Staggering Forfeiture: $5 Million Bill from Soaring Crypto Value

Despite his conviction and imprisonment in the US, O’Connor’s legal troubles continued in his home country. Recently, the UK’s Crown Prosecution Service (CPS) secured a civil recovery order, made on November 14, 2025, targeting the cryptocurrency assets linked to his criminal activities. The order specifically pertains to 42.378 Bitcoin (BTC), 235.329 Ethereum (ETH), 143,273.57 Binance USD (BUSD), and 15.23 USD Coin (USDC).

Remarkably, these seized assets, which were worth only a fraction of their current value at the time of the 2020 hack, are now valued at approximately £4.1 million, translating to roughly $5 million or $5.4 million. This significant increase is largely due to the substantial surge in the value of cryptocurrencies, particularly Bitcoin, since mid-2020. A court-appointed trustee will now proceed with the liquidation of these assets.

Legal Precedent and International Cooperation

This case highlights the resolute efforts of law enforcement agencies to ensure that criminals do not profit from their illicit gains, even across international borders. Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, underscored this point, stating that authorities would utilize the full extent of their powers to prevent individuals from benefiting from their criminality, regardless of where their conviction occurred. The CPS’s proactive approach, including obtaining a Property Freezing Order during O’Connor’s extradition proceedings, was crucial in preventing the movement of these digital assets.

The Broader Landscape of Crypto Cybercrime

The Joseph James O’Connor case unfolds amidst a period of increasing concern regarding crypto-related cybercrime globally. Law enforcement agencies worldwide are reporting a rapid escalation in sophisticated digital extortion schemes and cryptocurrency laundering activities. Data from Global Ledger indicated that hackers stole over $3 billion across 119 incidents in the first eight months of 2025 alone, already surpassing the total for the entire year of 2024 by 1.5 times.

This incident is one of many highlighting the ongoing battle against cybercriminals. In November 2025, the US Justice Department initiated efforts to seize over $15 million in USDT connected to North Korea’s APT38 hacking unit, known for its involvement in major exchange breaches. Similarly, Europol has actively dismantled cybercrime syndicates responsible for creating millions of fake online accounts, including those on crypto platforms, using extensive SIM-farm infrastructure. Despite these challenges, there have been some short-term positive developments, with October 2025 recording the safest month of the year for crypto platforms, experiencing an 85% drop in losses from hacks compared to September.

Conclusion

The case of the hacker behind the Musk & Obama Bitcoin scam facing a staggering $5 million bill serves as a potent reminder of the long reach of justice in the digital age. It underscores the commitment of international law enforcement to pursue and recover illicitly gained digital assets, irrespective of their evolving market value. The significant increase in the value of the stolen cryptocurrency also highlights the inherent volatility of the crypto market, which can dramatically impact the financial consequences for those involved in such crimes.