A Tampa teenager was taken into custody Friday, accused of being the “mastermind” behind a huge Twitter hack that targeted some of the world’s most wealthy and influential people, authorities said.
The Hillsborough State Attorney’s Office filed 30 felony charges against Graham Ivan Clark, 17, for “scamming people across America” in the July 15 attack. The scheme “stole the identities of prominent people” and “posted messages in their names directing victims to send Bitcoin” to accounts that were associated with the Tampa teen, prosecutors said. The scheme netted more than $100,000 in one day.
The charges against Clark include organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority. WLFA first reported the arrest.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Hillsborough State Attorney Andrew Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
The Hillsborough State Attorney’s Office said Clark would be charged as an adult, which Florida law allows in financial fraud cases.
In the space of minutes on July 15, the accounts of several famous people and companies all posted messages telling their hundreds of millions of followers to send Bitcoin money to a certain wallet address if they wanted to get double the amount sent back as part of a $10 million giveaway.
Twitter accounts for Barack Obama, Joe Biden, Bill Gates, Apple, Uber, Kanye West, Elon Musk, Jeff Bezos, Wiz Khalifa, and even Kim Kardashian West were among those hacked.
“I am giving back to my fans. All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $10,000,000. Only going on for 30 minutes!” the tweets read, along with an address for the Bitcoin wallet.
Although most of the accounts only posted the message once, Musk’s account—which has previously been the victim of imitators hawking Bitcoin wallets—sent the tweet three times and replied once to Bill Gates.
The coordinated attack forced Twitter to temporarily prevent almost every verified Twitter user from posting tweets or retweets.
At the time, Twitter said the hackers used employees’ corporate accounts to gain access to internal tools with vast capabilities. The hijackers used “social engineering,” whereby malicious actors trick account owners into divulging sensitive information like login credentials, to wrest control from the employees themselves.
Prosecutors, however, said that Clark acted alone when he locked verified users out of their accounts for at least a day. After a nationwide investigation involving the FBI and the Department of Justice, authorities located Clark in Hillsborough County.
“Working together, we will hold this defendant accountable,” Warren said. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.”