How PlugwalkJoe's Multi-Year Crime Spree Led to a Five-Year Prison Sentence

British cybercriminal Joseph O’Connor, known by the handle PlugwalkJoe, has received a five-year federal prison sentence following his conviction on multiple charges related to coordinated cryptocurrency theft and social media account hijacking. The U.S. Attorney’s Office for the Southern District of New York announced the sentencing on June 23, revealing that O’Connor must also serve three years of supervised release and forfeit $794,012.64 in criminal proceeds.

The SIM Swap Attack That Started It All

The core offense in O’Connor’s case centered on a sophisticated SIM swap operation targeting a high-level executive at a major cryptocurrency exchange. In April 2019, O’Connor orchestrated a scheme to redirect the victim’s phone number to a device under his control. By intercepting SMS-based two-factor authentication codes, he gained unauthorized access to the executive’s exchange accounts and trading systems, ultimately siphoning off $794,000 in digital assets.

Following the initial theft, O’Connor and his network of co-conspirators went to great lengths to obscure the money trail. They moved the stolen cryptocurrency through dozens of intermediate transfers, converted portions into Bitcoin via multiple exchange services, and eventually funneled portions into accounts registered under O’Connor’s name. This laundering operation demonstrated a clear pattern of intentional concealment designed to evade detection.

The Twitter Breach and Broader Campaign

O’Connor’s criminal activities extended well beyond the single exchange heist. In July 2020, he participated in a coordinated attack on Twitter that compromised approximately 130 high-profile accounts. Operating as part of a larger conspiracy, the group employed social engineering and SIM swapping techniques to seize control of these accounts, netting roughly $120,000 in cryptocurrency through fraudulent schemes.

The Twitter operation revealed the sophistication of O’Connor’s approach. In some cases, the attackers directly controlled the compromised accounts to execute deceptive promotions. In others, they sold access to the hijacked accounts to third parties, creating an additional revenue stream from their unauthorized access.

Beyond financial fraud, O’Connor engaged in harassment and intimidation tactics. He attempted to extort a Snapchat victim by threatening to publicly release private messages unless they promoted his online persona. He also stalked and threatened other individuals, orchestrating swatting incidents—false emergency reports to law enforcement—against specific targets.

Why SIM Swap Attacks Remain a Persistent Threat

Despite O’Connor’s offenses occurring nearly three years ago, SIM swapping continues to plague the cryptocurrency industry. The attack vector works by temporarily transferring a phone number to a SIM card controlled by the attacker. Once activated, the attacker intercepts all incoming calls and messages, gaining access to any account relying on SMS-based two-factor authentication. This fundamental vulnerability in standard authentication practices makes it particularly valuable for targeting high-value crypto holders.

Recent incidents confirm the ongoing danger. In June 2024, analyst ZachXBT documented a coordinated SIM swap campaign against at least eight prominent figures in the crypto space, including Pudgy Penguins founder Cole Villemain, electronic music producer and NFT enthusiast Steve Aoki, and Bitcoin Magazine editor Pete Rizzo. The attackers weaponized the compromised accounts to distribute phishing links, ultimately stealing nearly $1 million in cryptocurrency.

O’Connor’s case represents a landmark conviction in this domain, but it has not deterred other threat actors from pursuing similar tactics. As SMS-based authentication remains commonplace, and high-profile targets continue to store substantial digital assets, the incentive structure for SIM swap attacks shows no signs of weakening.