London, November 18, 2025 – In a major win for international cybercrime prosecutors, a British hacker convicted in a New York court for the infamous 2020 Twitter breach has been hit with a UK High Court order to surrender £4.1 million ($5.4 million) worth of Bitcoin and other cryptocurrencies tied to his scams. The ruling targets Joseph James O’Connor, whose hacks exposed vulnerabilities in social media security and defrauded victims worldwide.
The 2020 incident, one of the most audacious cyber heists of the decade, saw hackers seize control of over 130 high-profile Twitter accounts – now rebranded as X – including those of former U.S. President Barack Obama, Tesla CEO Elon Musk, then-presidential candidate Joe Biden, Apple, Uber, Bill Gates, and Warren Buffett. Posing as the account owners, the culprits posted fraudulent messages promising to double any Bitcoin sent to specified wallets in a “COVID-19 giveaway” scheme. An estimated 350 million users viewed the scam tweets over a frantic 48 hours on July 15-16, resulting in 426 transfers totaling 12.86 Bitcoin – worth about $110,000 at the time, but now valued at over $1.2 million due to crypto’s surge.
O’Connor, then just 18, played a key role in the operation, which relied on social engineering rather than sophisticated code. The group tricked Twitter employees into handing over internal admin credentials, granting them god-like access to the platform’s tools. Beyond the Bitcoin scam, O’Connor’s crimes extended to extortion: He and accomplices stole $794,000 in virtual currency from a New York-based crypto firm and hacked actress Bella Thorne’s phone to extort nude photos and videos, threatening to leak them online. He also pleaded guilty to separate charges of stalking and making death threats against a 16-year-old girl and her family.
The hacker’s downfall began in Spain in 2021, where authorities arrested him amid a Europe-wide manhunt. After a protracted extradition battle – Spain’s High Court ruled the U.S. had the edge due to evidence and victim proximity – O’Connor was shipped to New York in April 2023. There, he wasted little time copping a plea to conspiracy charges including computer intrusion, wire fraud, money laundering, extortion, and threatening communications. In April 2024, a federal judge in the Southern District of New York slapped him with a five-year prison sentence and ordered immediate forfeiture of the $794,000 stolen from the crypto company.
Released early this year and deported back to Europe – where he now resides with his mother in Spain – O’Connor thought he might evade further reckoning. But Britain’s Crown Prosecution Service (CPS) had other plans. Leveraging a civil recovery order under the Proceeds of Crime Act, prosecutors froze his assets during the extradition phase and pursued the remaining haul: 42 Bitcoin plus assorted cryptocurrencies, ballooned to £4.1 million by Bitcoin’s relentless rally past $80,000 per coin. The High Court granted the order last week, mandating liquidation by a court-appointed trustee to reimburse victims.
“We were able to use the full force of the powers available to us to ensure that even when someone is not convicted in the UK, we are still able to ensure they do not benefit from their criminality,” declared Adrian Foster, Chief Crown Prosecutor for the CPS Proceeds of Crime Division, in a statement hailing the verdict as a blueprint for cross-border asset seizures. O’Connor, now 26, skipped the London hearing but his mother, Sandra, appeared via video link from Spain. She tearfully testified that she was oblivious to her son’s descent into hacking, blaming his “obsessive” gaming and ties to a Call of Duty online crew that introduced him to cybercrime circles.
Public reaction has been swift and unforgiving. On X (formerly Twitter), users resurfaced clips of the scam tweets, with one viral post from @CyberSecWatch quipping, “Karma’s got a wallet address now – send it all back!” The episode reignited debates on platform accountability, with cybersecurity experts like Kevin Mitnick – the original 1980s phone phreak – warning in a recent podcast that social engineering remains the weakest link in Big Tech’s armor. “Kids with keyboards can topple empires if insiders bite,” Mitnick said, echoing calls for mandatory two-factor authentication drills for employees.
This case underscores the evolving global fight against crypto-fueled cyber fraud. While the U.S. nabbed O’Connor on criminal counts, the UK’s civil route proves invaluable for clawing back profits laundered across borders. Victims, from everyday Bitcoin senders to the crypto firm, stand to recover a chunk of their losses – a rare bright spot in an era where hackers like North Korea’s Lazarus Group have pilfered over $6 billion in digital assets this year alone.
Looking ahead, the ruling could embolden more such hybrid prosecutions, blending U.S. muscle with UK financial forensics. As Bitcoin’s value climbs, so does the incentive for authorities to hunt hidden wallets. For O’Connor, it’s a stark reminder: In the digital Wild West, the bounty hunters always collect. Prosecutors vow to monitor his every transaction, ensuring no shred of illicit gain slips through.
By Satish Mehra
Satish Mehra covers cybersecurity and international crime for Global Wire News.
Follow us on X @GlobalWireNews and enable push notifications for real-time alerts on cyber threats, tech breakthroughs, and world headlines. Subscribe to our newsletter for exclusive deep dives!