Twitter Hacker Faces $5 Million Bill as Stolen Crypto Skyrockets

The hacker behind one of the most notorious Twitter breaches in recent memory, which targeted high-profile accounts including those of Elon Musk and Barack Obama, is now facing a staggering $5 million bill. This substantial sum comes after a civil recovery order was issued for cryptocurrency he stole, the value of which has dramatically increased since the original scam. This development highlights the long arm of the law in pursuing digital assets and the volatile nature of cryptocurrency markets.

The 2020 Twitter Hack: A Digital Hijacking

In July 2020, Joseph James O’Connor, then 26, orchestrated a widespread Twitter attack that compromised numerous prominent accounts globally. Among the victims were influential figures such as Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, and Kim Kardashian, alongside other world leaders, tech executives, and major brands. The modus operandi involved O’Connor and his accomplices gaining access to Twitter’s internal administrative tools, which allowed them to hijack over 130 accounts.

From these compromised accounts, fraudulent tweets were broadcast, urging followers to send Bitcoin to a specific address with the promise of receiving double the amount in return. This classic “double-your-money” cryptocurrency scam managed to collect more than $794,000 from unsuspecting individuals. The incident exposed significant vulnerabilities in social media security and sent shockwaves across the digital world, prompting Twitter (now X) to briefly lock down verified accounts to contain the spread of the scam to over 350 million users.

Crypto’s Volatility Turns Against the Hacker: The $5 Million Bill

While Joseph James O’Connor was jailed in the United States in 2023 for his role in the scheme, facing a five-year prison sentence, the value of the cryptocurrency he held silently surged. This week, the UK’s Crown Prosecution Service (CPS) confirmed it had successfully secured a civil recovery order. The order targets 42.378 BTC, 235.329 ETH, 143,273.57 BUSD, and 15.23 USDC linked to O’Connor. These digital assets are now valued at approximately £4.1 million, which translates to over $5 million.

The dramatic increase in value is largely attributed to Bitcoin’s significant price appreciation. Prosecutors noted that Bitcoin’s price near $92,800 today is almost ten times higher than it was in mid-2020, amplifying the worth of the remaining stolen assets. These assets, once worth a mere fraction of their current valuation at the time of the hack, are slated for liquidation by a court-appointed trustee. Despite O’Connor, who now resides in Spain, not participating in the London hearing, his mother conveyed his willingness to forfeit all remaining interest in the funds.

O’Connor’s legal troubles began with his extradition from Spain and subsequent guilty plea in the U.S. to a range of offenses, including computer intrusion conspiracies, wire fraud conspiracy, money laundering conspiracy, extortion, threatening communications, and stalking. The CPS had proactively obtained a Property Freezing Order during the extradition process to prevent the movement of the cryptocurrency. Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, emphasized that this case underscores the authorities’ commitment to pursuing criminal profits, even when convictions occur overseas.

A Broader Look at Crypto Cybercrime and Enforcement

The case of the hacker behind the Musk & Obama Bitcoin scam unfolds against a backdrop of escalating crypto-related cybercrime globally. Governments and law enforcement agencies are grappling with a rapid rise in sophisticated digital extortion schemes and a sharp increase in crypto laundering. Data from Global Ledger indicates that in the first eight months of 2025 alone, hackers stole over $3 billion across 119 incidents, already surpassing the total for 2024 by 1.5 times.

International cooperation in combating these digital threats is also intensifying. For instance, in November, the U.S. Justice Department initiated efforts to seize more than $15 million in USDT linked to North Korea’s APT38 hacking unit, which is associated with several major exchange breaches in 2023. Similarly, Europol successfully dismantled a cybercrime syndicate responsible for creating over 49 million fake online accounts, many of which were used on crypto platforms through large-scale SIM-farm infrastructure.

Despite the concerning rise in overall cybercrime, recent data suggests some short-term improvements in the security landscape for crypto platforms. October 2025 was notably recorded as the safest month of the year, with only $18.18 million lost to hacks—an 85% reduction from September.

Conclusion

The substantial forfeiture faced by the hacker behind the infamous 2020 Twitter breach serves as a powerful reminder of several key aspects of the digital age. It highlights the persistent efforts of law enforcement across international borders to track and recover illicit gains, regardless of where the crime was committed or the criminal convicted. Furthermore, it starkly illustrates the double-edged sword of cryptocurrency’s volatility, where assets stolen can either dwindle or, as in this case, swell to many times their original value, profoundly impacting the scale of justice served. As cybercrime continues to evolve, this outcome reinforces the message that digital illicit activities carry real-world consequences, with authorities increasingly equipped to pursue ill-gotten digital wealth.