Teen hacker agrees to 3 years in prison for Twitter Bitcoin scam

A Florida teenager has pleaded guilty to fraud charges after coordinating the hack of high-profile Twitter accounts to run a cryptocurrency scam that collected roughly $120,000 worth of bitcoins.

Graham Ivan Clark was charged last year as an adult in July 2020, he turned 18 in January 2021, as the first suspect and the one who orchestrated last year's Twitter hack.

He was arrested following an operation coordinated by the FBI, the IRS, and the Secret Service (court documents available here).

The other individuals indicted for their involvement in the attack are Mason Sheppard (Chaewon) from Bognor Regis, United Kingdom, and Nima Fazeli (Rolex) from Orlando, Florida. (criminal complaints available here and here).

Twitter said that Clark and the other attackers took control of high-profile accounts after stealing Twitter employees' credentials after a successful phone spear-phishing attack on July 15, 2020.

Using credentials of Twitter employees with access to internal support tools, they targeted 130 high-profile accounts, accessing the direct messages of 36 (including the inbox of Dutch Member of House of Representatives Geert Wilders), eventually downloading the Twitter Data for seven accounts.

He also sold access to those accounts and, later, used the high-profile and verified Twitter accounts to run a cryptocurrency scam on the social network's platform.

The Twitter accounts of tech companies (@Apple and @Uber), crypto exchanges (@coinbase, @Gemini, and @binance), tech executives, celebrities, and politicians (@JeffBezos, @BarackObama, @elon_musk, @kanyewest, @JoeBiden, @BillGates, and @WarrenBuffett) were some of the 130 used by the hackers to promote their Bitcoin scam.

Clark agreed on Tuesday to be sentenced as a youthful offender to three years in prison, followed by three years of probation.

According to the agreement, Clark pled guilty to multiple counts of organized fraud, communications fraud, fraudulent use of personal information, and access computer without authority, as follows:

• Counts 1— 18 to a term of incarceration as a youthful offender of three (3) years as to each count to run concurrently with each other and, if he qualifies, to the basic training (boot camp) provision of the youthful offender law. Mr. Clark's incarceration shall run consecutive to the term of probation imposed as to Counts 19—30.
• Mr. Clark shall receive credit for jail time since his arrest on July 31, 2020, toward the incarceration portion of the sentence imposed.
• Counts 19—30 to a term of three (3) years probation on each count to run concurrent with each other, but consecutive to the term of incarceration on Counts 1—18.

"The seven-and-a-half months Clark has already spent behind bars will be applied toward his three years of incarceration," according to a press release from the Hillsborough State Attorney’s Office.

"Along with his probation, this means Clark will remain under supervision until the middle of 2026, when he will be 23 years old."

David T. Weisbrod, Clark's defense attorney, also confirmed in the plea agreement signed on March 12th that "all Bitcoin acquired from the charged offenses" was returned to law enforcement.

"He took over the accounts of famous people, but the money he stole came from regular, hard-working people," Hillsborough State Attorney Andrew Warren said in a statement published on Tuesday. "Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences."

"In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future."