A Florida state court has sentenced Graham Ivan Clark (18) to three years in juvenile detention over his role in last year’s Twitter hack, which doubled as a Bitcoin scam.
Clark pleaded guilty to co-ordinating the cyberattack, which relied on social engineering to infiltrate Twitter’s systems.
Clark was sentenced as a youthful offender as part of a plea deal, noted the Tampa Times.
This meant Clark avoided the 10-year minimum if he’d been convicted as an adult and the maximum 30-year sentence for organized fraud.
Clark will spend another further three years on probation, during which time the 10-year minimum sentence could apply if he slips up.
“In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future,” said State Attorney Andrew Warren in a statement (via Tampa Times).
Warren then added “other potential scammers out there need to see the consequences.”
Hack Twitter… to steal Bitcoin?
According to the Department of Justice (DoJ), Clark took control of the most followed Twitter accounts via an internal “admin tool.”
- Clark gained access to the tool after tricking Twitter employees into believing he worked for the company’s IT department.
- Clark then used the employees’ credentials to access a customer service portal.
- With his crew, Clark took control of 130 accounts by changing their associated email addresses.
Verified accounts belonging to prominent figures including Barack Obama, Warren Buffet, and Kanye West promised to double any Bitcoin sent to a wallet under Clark’s control.
The scam’s addresses reportedly received around 400 transfers totalling $117,000 in Bitcoin in the time it took Twitter to temporarily prevent verified accounts from tweeting at all.
Investigators moved fast to arrest Clark in a couple of weeks. The DoJ has so far charged two others for their role in the cyberattack.
The New York Times (NYT) later profiled Clark’s history of conning Minecraft players out of small amounts of money. NYT also revealed Clark had embroiled himself in the theft of 164 BTC from a Seattle-based tech investor in 2019 — worth about $860,000 at the time.
As for this particular case: Clark’s defense attorney reportedly confirmed his client had handed the Bitcoin stolen in the Twitter hack to authorities.
Clark’s also banned from using computers without law enforcement supervision and will be forced to turn over login credentials to any online accounts he owns.