Graham Ivan Clark, the teenage hacker who authorities accused of being the mastermind behind the infamous Twitter Bitcoin hack last year, has pleaded guilty to 30 charges against him. As part of the deal, he agreed to serve a three-year prison sentence at a juvenile facility. According to The New York Times and Tampa Bay Times, he was classified as a “youthful offender” under Florida law, allowing him to avoid the minimum 10—year sentence he would’ve gotten as an adult.
Clark was arrested back in July 2020 when he was still 17—years—old, along with two other individuals, a couple of weeks after the Twitter hack that took over multiple high-profile accounts happened. On July 15th last year, some of the most-followed personalities and companies on the website — including President Barack Obama, President Joe Biden, Elon Musk, Bill Gates, Uber, Apple, Kanye West and Jeff Bezos — tweeted that they were “giving back to the community” and would double any Bitcoin sent to a specific wallet. The attackers managed to get $117,000 in Bitcoin before the scheme was shut down.
After looking into the security breach, Twitter announced that the perpetrators got into the compromised accounts through social engineering. They apparently targeted Twitter employees with access to internal systems and tools, which they then used to take control of highly visible accounts. Those tools didn’t just give them the power to change accounts details and passwords, though — it also gave them access to the account owners’ DMs. In fact, Twitter confirmed that the attackers exported the data on “up to eight of the accounts involved.” NYT says Clark and his cohorts originally used their access to Twitter’s internal system to take over accounts with one-word or unusual usernames, such as @dark, which they then sold on the OGUsers forum for thousands. They switched tactics halfway through and ran the Bitcoin scam instead.
According to a profile the NYT published after his arrest, Clark already got caught stealing Bitcoins from a Seattle-based tech investor in 2019 but wasn’t arrested because he was a minor. Clark turned over all the Bitcoins in his possession after he was arrested, and he agreed not to use computers without permission or supervision from law enforcement as part of the deal. He could serve some of his sentence in a military-style boot camp, but he could also spend up to 10 years in adult prison if he violates the terms of the agreement.