Sagsmappe
The 17-Year-Old Who Hijacked Twitter's Biggest Accounts
How a teenager orchestrated a massive cryptocurrency scam targeting Elon Musk, Bill Gates, and the world's most influential figures
BEVIS
Sagsdetaljer
Quick Facts
On July 15, 2020, Twitter experienced one of its most humiliating security breaches when 130 high-profile accounts fell under the control of attackers in a matter of hours. The perpetrators used the compromised accounts to promote a "double your bitcoin" scam, stealing thousands of dollars in cryptocurrency before Twitter regained control of the platform.
At the center of the attack was Graham Ivan Clark, just 17 years old at the time. Working alongside accomplices Mason Sheppard, 19, and Nima Fazeli, 22, Clark orchestrated a social engineering attack so sophisticated that it bypassed Twitter's security infrastructure entirely.
The attackers' method was deceptively simple but devastatingly effective. Rather than attempting to crack complex passwords or exploit obscure software vulnerabilities, they targeted Twitter employees directly. The team impersonated Twitter's IT help desk, convincing employees that they needed to verify their credentials. The attackers directed staff to a phishing portal designed to mimic Twitter's legitimate VPN login page. Once employees entered their credentials, the attackers gained access to the company's internal systems.
Timeline
1 January 2019
SIM-Swap-Angriff auf Investor
Clark stiehlt 164 Bitcoins von Angel-Investor Gregg Bennett durch SIM-Swapping
15 July 2020
Twitter-Hack beginnt
Um 20:00 UTC startet die Übernahme von 130 hochrangigen Twitter-Accounts
15 July 2020
Bitcoin-Betrug läuft
Über 320 Personen überweisen insgesamt mehr als 117.000 Dollar in Bitcoin
15 July 2020
Twitter reagiert
Nach zwei Stunden werden die betrügerischen Tweets gelöscht und Accounts gesichert
31 July 2020
Verhaftung von Clark
Graham Ivan Clark wird in Florida festgenommen
1 March 2021
Plea Agreement und Urteil
Clark bekennt sich schuldig und wird zu drei Jahren Haft verurteilt
With internal access secured, the attackers turned their attention to the platform's most famous users. They hijacked accounts belonging to Elon Musk, Bill Gates, Kanye West, Kim Kardashian West, Barack Obama, and many others. The compromised accounts began posting identical messages promoting a cryptocurrency scheme: send bitcoin and receive double the amount in return—a classic advance-fee scam that has defrauded countless victims over the years.
However, the financial scam was only part of the perpetrators' objective. Simultaneously, they were selling "OG" (original) Twitter usernames—coveted early accounts with short, simple handles—on the OGUsers platform for bitcoin. These original usernames are highly prized in online communities and can command significant prices.
The attack lasted for several hours, beginning around 3 a.m. and continuing until Twitter's security team regained control at approximately 6:05 p.m. During that window, the attackers managed to steal a substantial amount in cryptocurrency before the platform's defenses shut down the operation.
The 2020 breach was not Clark's first foray into cybercrime. In 2019, he had been involved in a SIM swap attack—a technique where hackers convince mobile carriers to transfer a victim's phone number to a device they control—that targeted Seattle angel investor Gregg Bennett. That attack resulted in the theft of 164 bitcoins, worth millions of dollars at the time.
Law enforcement eventually identified and prosecuted the perpetrators. Graham Ivan Clark, despite his age, was convicted as a felon for his role in orchestrating the attack. His case highlighted a troubling reality: sophisticated cybercrimes are not always committed by experienced adult hackers operating from foreign countries, but sometimes by tech-savvy teenagers working from their homes.
The Twitter breach exposed critical weaknesses in how tech companies protect their internal systems. While the platform's public-facing security measures might be robust, the human element—employees who can be socially engineered into compromising their own credentials—remains a significant vulnerability. The incident prompted Twitter and other major platforms to reassess their employee security training and access controls.
For the broader cybersecurity community, the 2020 Twitter attack served as a stark reminder that the most sophisticated attacks often rely on rather than technical wizardry. A convincing phone call or email can sometimes accomplish what months of hacking attempts cannot.