Graham Ivan Clark, the teenage hacker accused by authorities of being the mastermind behind the infamous Twitter Bitcoin hack last year, has pleaded guilty to 30 charges against him. Under the agreement, he agreed to serve a three-year prison sentence in a youth facility. According to the New York Times and Tampa Bay Times, he was classified as a “juvenile offender” under Florida law, which enabled him to avoid the minimum 10 year sentence he would have received as an adult.
Clark was arrested back in July 2020 when he was 17, along with two other people, a few weeks after the Twitter hack that took over several high profile accounts. On July 15 last year, some of the most-visited personalities and businesses on the site – including President Barack Obama, President Joe Biden, Elon Musk, Bill Gates, Uber, Apple, Kanye West, and Jeff Bezos – tweeted that they were “giving” back to the community “and would double every bitcoin sent to a specific wallet. The attackers managed to obtain $ 117,000 worth of bitcoin before the program was discontinued.
After Twitter investigated the breach, it announced that the perpetrators had gotten into the compromised accounts via social engineering. They were apparently aimed at Twitter employees with access to internal systems and tools, which they then used to take control of highly visible accounts. However, these tools not only gave them the ability to change account details and passwords, they also gave them access to the account holders’ DMs. In fact, Twitter confirmed that the attackers exported the data to “up to eight of the accounts involved”. According to NYT, Clark and his cohorts originally used their access to Twitter’s internal system to take over accounts with one-word or unusual usernames like @dark, which they then sold for thousands on the OGUsers forum. They switched tactics halfway and instead carried out the bitcoin scam.
According to a profile published by the NYT after his arrest, Clark was caught stealing bitcoins by a Seattle-based tech investor back in 2019, but was not arrested for being a minor. Clark handed over any bitcoins in his possession after his arrest and agreed not to use computers in the business without permission or supervision from law enforcement. He could serve part of his sentence in a military-style boot camp, but he could also spend up to 10 years in adult prison if he breached the terms of the agreement.