TLDRs:
- UK court orders Joseph O’Connor to return $5.4M in Bitcoin from 2020 celebrity Twitter hack.
- Obama, Biden, Elon Musk, and other high-profile accounts were compromised in the July 2020 attack.
- Civil recovery law allows UK authorities to seize cryptocurrency even after foreign convictions.
- Security experts highlight the need for hardware keys and phishing-resistant authentication.
A UK court has ordered Joseph James O’Connor, the hacker behind the infamous 2020 Twitter breach targeting Barack Obama and several other celebrities, to repay £4.1 million (US$5.4 million) in Bitcoin.
The civil recovery order was obtained by the Crown Prosecution Service (CPS) to reclaim cryptocurrency assets linked to the attack, marking a significant seizure under UK proceeds-of-crime law.
O’Connor, 26, was convicted in the United States in 2023 for computer intrusion, wire fraud, and extortion. He received a five-year prison sentence for his role in the scheme, which manipulated Twitter’s internal admin tools through social engineering to hijack verified accounts.
Celebrities Among Victims
The July 2020 hack compromised high-profile accounts including Barack Obama, Joe Biden, Elon Musk, Bill Gates, Warren Buffett, and Kim Kardashian.
The hijacked accounts were used to solicit cryptocurrency from unsuspecting followers, raising over $117,000 in Bitcoin through a combination of social engineering and SIM-swap attacks. X responded by temporarily restricting verified accounts to contain the fallout.
The UK civil recovery order focuses on 42 Bitcoin linked to the scam. A court-appointed trustee will liquidate the assets, with the aim of partially restoring funds to affected parties. While O’Connor had already forfeited more than $794,000 in the U.S., the $5.4 million recovery highlights the ongoing efforts to track and reclaim cryptocurrency from cybercriminals.
UK Law Enables Cross-Border Recovery
The civil recovery order demonstrates the reach of UK proceeds-of-crime legislation, which permits authorities to seize assets even if the original conviction occurred abroad.
The CPS has returned ÂŁ95 million to victims out of ÂŁ478 million recovered over the past five years, though restitution timelines remain uncertain.
This case underscores the challenges of international cybercrime, where multiple jurisdictions may be involved and victims’ recoveries often take years.
Security Lessons From the Breach
The 2020 Twitter attack exploited weak internal controls and employee credentials, showing the vulnerability of high-value social media accounts.
Experts stress the importance of implementing phishing-resistant authentication, such as FIDO2 hardware keys and passkey solutions, especially for enterprise teams managing celebrity or executive accounts.
X’s recent security key migration failure in 2025 further highlighted these risks, locking out users during a move from twitter.com to x.com and forcing re-enrollment of hardware keys. Enterprises handling high-profile accounts are urged to strengthen defenses against SIM-swap attacks and social engineering schemes to prevent similar breaches in the future.
Ongoing Implications
The seizure of $5.4 million in Bitcoin is a notable milestone in cybercrime enforcement, but the overall restitution to victims remains partial and uncertain.
As cryptocurrency becomes a frequent target in high-profile hacks, cases like O’Connor’s underscore the growing need for robust digital security measures, cross-border legal coordination, and proactive prevention strategies to protect sensitive online accounts.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
