PlugwalkJoe Receives Five-Year Prison Sentence for Cryptocurrency Theft and Coordinated Cybercrimes

British cybercriminal Joseph O’Connor, operating under the alias PlugwalkJoe, has been sentenced to five years in U.S. federal prison following convictions related to stealing nearly $800,000 in cryptocurrency through coordinated SIM swap attacks and social engineering schemes. The sentencing, handed down in June 2024 by the U.S. Attorney’s Office for the Southern District of New York, represents a significant victory in law enforcement’s ongoing battle against digital asset theft and account hijacking.

O’Connor’s legal troubles began when he was apprehended in Spain during July 2021, subsequently extradited to the United States in April 2023, and ultimately entered guilty pleas to multiple serious offenses. These charges encompassed conspiracy to commit computer intrusions, wire fraud conspiracy, and money laundering conspiracy. Beyond the prison term, O’Connor was mandated to forfeit $794,012.64 and serve three years of supervised release following his incarceration.

The Multi-Layered Criminal Operations Behind PlugwalkJoe’s Conviction

The case against O’Connor reveals a sophisticated criminal operation spanning multiple years and targeting high-profile individuals across different platforms. His illicit activities peaked between 2019 and 2020, during which he orchestrated attacks that exploited vulnerabilities in both personal and corporate security infrastructure.

The most significant incident occurred in April 2019, when O’Connor executed a SIM swap attack targeting a cryptocurrency exchange executive. After gaining control of the victim’s phone number by having their SIM card transferred to a device under his control, O’Connor leveraged this access to breach company accounts and digital systems. The attack ultimately netted approximately $794,000 in cryptocurrency, which O’Connor and his associates subsequently laundered through dozens of transactions. According to the official court statement, portions of the stolen assets were converted into Bitcoin using various cryptocurrency exchange services, with some being deposited into accounts controlled by O’Connor himself.

Demonstrating the scope of his criminal ambition, O’Connor also participated in the high-profile Twitter hack of July 2020. In this operation, he and co-conspirators deployed sophisticated social engineering techniques and SIM-swapping tactics to compromise approximately 130 prominent Twitter accounts, as well as notable accounts on TikTok and Snapchat. The coordinated breach generated roughly $120,000 in illicit cryptocurrency gains. Notably, O’Connor then weaponized some of this access for extortion purposes—he attempted to blackmail a Snapchat victim by threatening to publicize private messages unless they promoted his online persona. The hacker also engaged in stalking, making threats against victims, and orchestrating swatting attacks by making false emergency reports to law enforcement.

Understanding SIM Swap Technology and Its Security Implications

A SIM swap attack represents a deceptively straightforward yet devastating exploitation of telecommunications infrastructure. The attacker contacts a mobile carrier, impersonating the target, and requests that the victim’s phone number be transferred to a SIM card the attacker controls. Once successful, all incoming calls and text messages destined for the victim are rerouted to the attacker’s device.

This technical capability becomes particularly dangerous in cryptocurrency and digital asset contexts because many users rely on SMS-based two-factor authentication to protect their accounts. An attacker with control over a victim’s phone number can receive authentication codes, reset passwords, and gain unauthorized access to cryptocurrency wallets, exchange accounts, and other sensitive digital assets. The scheme frequently targets high-profile individuals by using compromised social media accounts to distribute phishing links that deceive followers into surrendering their own digital assets.

The Persistent SIM Swap Threat in 2024 and Beyond

Despite O’Connor’s crimes occurring roughly four to five years ago, SIM swap attacks continue to represent a critical and evolving threat within the cryptocurrency ecosystem. The persistence of this attack vector was underscored recently when blockchain researcher ZachXBT identified an active criminal group that successfully executed SIM swap attacks against at least eight prominent cryptocurrency industry figures. The compromised victims included Cole Villemain, founder of Pudgy Penguins; Steve Aoki, a renowned DJ and NFT collector; and Pete Rizzo, editor of Bitcoin Magazine.

This recent incident demonstrates that despite heightened awareness following high-profile cases like PlugwalkJoe’s, attackers continue to successfully exploit the gap between telecommunications security practices and the security requirements of cryptocurrency holders. The criminal group’s recent operation resulted in losses approaching $1 million, with attackers leveraging the hacked accounts to distribute phishing links that deceived other cryptocurrency enthusiasts into transferring their assets.

The PlugwalkJoe case and ongoing incidents illustrate that SIM swap attacks persist not because the technical vulnerability is invisible—it’s well documented and understood—but rather because telecommunications companies face persistent social engineering pressures and face competing priorities in rapidly processing legitimate customer service requests. For cryptocurrency users, this reality underscores the critical importance of implementing multi-layered security approaches that extend well beyond SMS-based authentication methods.