Tampa teenager and two others arrested for Twitter Bitcoin hack

Three individuals were charged for their roles in the scam.


Authorities in Tampa, Florida have arrested 17-year-old Graham Clark for being the alleged “mastermind” behind the Twitter Bitcoin hack that targeted several high-profile accounts on July 15th, 2020.

Two other individuals were also charged for their alleged roles in the Twitter hack, according to the Department of Justice. They are Mason Sheppard (aka “Chaewon”), 19, of Bognor Regis in the United Kingdom, and Nima Fazeli (aka “Rolex”), 22, of Orlando, Florida. Sheppard was charged with “conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer.” Fazeli, on the other hand, was charged for “aiding and abetting the intentional access of a protected computer.” Both Sheppard and Fazeli were charged in a criminal complaint in the Northern District of California.

The Department of Justice did not name Clark due to his juvenile status, but he was identified by the WFLA affiliate in Tampa, Florida. Clark will be prosecuted in Hillsborough County instead.

According to WFLA, Hillsborough State Attorney Andrew Warren has filed 30 felony charges against the teen, which include one count of organized fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, one count of access to computer or electronic device without authority, 10 counts of fraudulent use of personal information and 17 counts of communications fraud.

The outlet reported that the hacked tweets had directed followers to send Bitcoin to accounts that were associated with the Tampa teenager.

“Upon opening an investigation into this attack, our investigators worked quickly to determine who was responsible and to locate those individuals,” said FBI Special Agent in Charge John L. Bennett in a statement. “While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks. Regardless of how long it takes us to identify hackers, we will follow the evidence to where it leads us and ultimately hold those responsible for cyber intrusions accountable for their actions. Cyber criminals will not find sanctuary behind their keyboards.”

Kelly R. Jackson, IRS Criminal Investigation Special Agent in Charge of the Washington D.C. Field Office, said that its Cyber Crimes Unit analyzed the blockchain and de-anonymized Bitcoin transactions, which allowed them to identify two of the above hackers.

The Twitter hack on July 15th originally targeted Bitcoin-related accounts, but then expanded to include accounts of high-profile celebrities and politicians such as Elon Musk, Bill Gates, Kanye West, Jeff Bezos, Mike Bloomberg, Joe Biden and even former president Barack Obama. The hacked tweets told followers to send Bitcoin to a certain address, promising double the amount of Bitcoin in return.

According to Twitter, the hack was orchestrated via a phone spear phishing attack that targeted a few of its employees. The perpetrator then “used their credentials to access our internal systems and gain information about our processes.” There was a report that said access came from finding logins in a Slack channel, but Twitter has not confirmed it.

The company said that the attacker targeted 130 accounts, tweeted from 45 of them, accessed 36 DM inboxes and copied account data from 7. Twitter has said that it is now improving its “methods of detecting and preventing inappropriate access” to its internal systems and “prioritizing security work” across its teams.

Twitter later left a statement expressing gratitude to law enforcement:

Update 7/31 3:33pm: Updated story with details from Department of Justice on the two additional individuals who were accused and charged for the Twitter hack.