Twitter hacker will serve three years in prison for infamous Bitcoin scam

The Twitter logo in the background of a a coin representing the physical embodiment of Bitcoin

The teenage mastermind who orchestrated a Bitcoin scam by breaching high-profile Twitter accounts last year has agreed to serve three years in prison following a guilty plea.

In a deal with prosecutors, 18-year-old Graham Ivan Clark has agreed to a short prison term after pleading guilty to hacking the Twitter accounts of several high-profile users to fool their followers into giving away Bitcoin.

He pled guilty to organised fraud, which carries a maximum sentence of 30 years, according to the Tampa Bay Times, although he is being sentenced as a “youthful offender” and so avoids a lengthy prison term.

“Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences,” said Hillsborough state attorney, Andrew Warren.

“In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”


Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation


Clark, who was 17 at the time, infiltrated a series of social media accounts belonging to the likes of Bill Gates, Barack Obama and Elon Musk, among others, using internal Twitter tools reserved for employers.

Upon accessing these accounts, he posted a message requesting $1,000 worth of Bitcoin in addition to the address of a Bitcoin wallet, with the promise of sending back $2,000 under the guise of “giving back to the community”.

The incident represented a massive violation of Twitter’s security setup, with approximately 130 accounts targeted during the incident and 45 accounts compromised to the point the hacker could send tweets. This is alongside accessing the direct message inboxes of up to 36 individuals and downloading the Twitter data of 7.

In the aftermath of the incident, Twitter announced improvements to its security policies in order to prevent similar incidents from happening in the future. From July, for example, Twitter would improve its security tools as well as expand workstreams across the entirety of the business. It also improved methods to detect “inappropriate access” to internal systems, in addition to prioritising security development across a number of teams.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.