A British hacker jailed in the United States for his role in the 2020 Twitter breach has been directed to return £4.1 million in cryptocurrency traced to the attack.
The Crown Prosecution Service (CPS) confirmed that 42 Bitcoin and other digital assets tied to Joseph James O’Connor will now be recovered under a Civil Recovery Order.
O’Connor, 26, had admitted to gaining access to dozens of high-profile Twitter accounts in July 2020, using them to push fake Bitcoin investment messages that deceived victims across multiple countries.
The attack struck 130 accounts, including those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Apple and Uber. With internal tools compromised, he bypassed security checks and password protections, turning some of the world’s most visible accounts into vehicles for fraud.
The CPS said the recovered assets show the current market value of the cryptocurrency O’Connor obtained through these schemes. British authorities worked with counterparts in the United States and Spain, where the Twitter hacker was arrested in 2021, to ensure the funds could not be hidden or moved before the order took effect.
Adrian Foster, chief crown prosecutor for the CPS Proceeds of Crime Division, said the case shows that British enforcement can still reach offenders convicted abroad. “Joseph James O’Connor targeted well-known individuals and used their accounts to scam people out of their crypto assets and money,” he said.
“We were able to use the full force of our powers to ensure that even when someone is not convicted in the UK, we can still prevent them from benefiting from their criminality.”
O’Connor, widely known online as “PlugwalkJoe”, was later sentenced to five years in a U.S. court after pleading guilty to computer intrusion, wire fraud, extortion and charges linked to SIM-swapping attacks that stole cryptocurrency and personal data from additional victims.
The July 2020 breach exposed serious vulnerabilities in Twitter’s internal systems. Investigators found that unauthorised access to admin tools allowed hackers to reset passwords and override two-factor authentication.
The fallout pushed Twitter, now X, to overhaul its internal security, tighten staff privileges, introduce multi-layered authentication for internal systems and expand training to minimise insider risks.
The incident also led to discussions on the fragility of social-media infrastructure and the dangers of centralised access systems.
The order against O’Connor ranks among the largest crypto seizures tied to cybercrime in UK legal history. For British prosecutors, it stresses the current use of civil recovery powers to block criminals from profiting even when their convictions occur overseas.
International agencies involved in the case said the outcome reveals the scale of coordination now required to pursue cross-border cybercrime, especially offences involving cryptocurrency, fast-moving digital markets and globally used platforms.
