A British national has been charged in the United States over his role in a scheme that involved the use of SIM swapping to steal roughly $784,000 worth of cryptocurrency.
The man, Joseph James O’Connor, 22, was previously charged for using SIM swapping to hack over a hundred high-profile Twitter accounts in July 2020, to promote a cryptocurrency fraud scheme. O’Connor was arrested in Spain earlier this year.
In SIM swapping attacks, cybercriminals pose as their intended victims in conversations with mobile network provider support staff, in an attempt to have a victim’s phone number transferred to a SIM card in the attacker’s possession.
Once the process has been completed, the victim’s messages and calls are directed to the attacker, who then attempts to change login information for the victim’s online accounts, to take control of them.
An indictment the U.S. Department of Justice unsealed this week alleges that, between March 2019 and May 2019, O’Connor, who used the online moniker of PlugwalkJoe, engaged in a SIM swapping scheme that ultimately resulted in the theft of approximately $784,000 worth of virtual coins from a Manhattan-based cryptocurrency company.
The SIM swapping attack was performed on April 30, 2019, and targeted an executive at the victim company. This allowed O’Connor and his co-conspirators to compromise multiple accounts and computers at the target company, the indictment alleges.
The next day, the cybercriminals used the unauthorized access to steal and divert funds from cryptocurrency wallets maintained by the company, including Bitcoin cash, Litecoin, Ethereum, and Bitcoin.
According to the indictment, O’Connor and his co-conspirators then laundered the funds through multiple transfers and transactions and by exchanging the cryptocurrency for Bitcoin. Some of the funds were deposited into a cryptocurrency exchange account that O’Connor controlled.
The defendant is charged with conspiracy to commit computer hacking and wire fraud, aggravated identity theft, and conspiracy to commit money laundering, charges for which he could be sentenced to many years in prison.
Related: UK Man Arrested in Spain, Charged in US With Twitter Hack
Related: Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts