Three people charged for the massive Twitter hack

A few days ago, Twitter was hacked which gave access to the platform’s internal tool to the hackers. The hackers then used it to carry out a Bitcoin-related scam by tweeting from Twitter account of well-known persons and companies.

This was the biggest security and privacy breach in Twitter’s history. It was reported that within hours, the alleged hacker “Kirk” managed to generate over $100,000 through Bitcoins.


Now, the FBI, IRS, US Secret Service, and Florida law enforcement have arrested 17-year-old Graham Clark of Florida, accusing him of being a mastermind behind the attack. Along with him, 22-year-old Nima Fazeli (alias “Rolex”) of Orlando and 19-year-old Mason Sheppard (alias “Chaewon”) from the UK have also been charged.

It is also being reported that an unidentified minor from California has also admitted to the federal agents of helping “Chaewon” sell access to Twitter accounts. But it seems that authorities believe that Graham Clark is the one who got access to the internal tools and carried out the scam.

The affidavit reveals that he allegedly convinced a Twitter employee of working in the company’s IT department and tricked the employee to give him credentials.

What are the Charges?

Graham Clark is being charged with more than 30 felony counts, including organized fraud, communications fraud, identity theft and hacking. Although being 17-year-old, he is being charged as an adult.

On the other hand, Mason Sheppard is being charged with computer intrusion, wire fraud conspiracy, and money laundering conspiracy. Nima Fazeli is charged with aiding and abetting the intentional access of a protected computer.

The maximum sentence for the charges are as follow:

  • Computer Intrusion – 5 years in prison and a fine of up to $250,000
  • Wire Fraud Conspiracy – 20 years in prison and a fine up to $250,000
  • Money Laundering Conspiracy – 20 years in prison and a fine up to $250,000

How were hackers identified?

The hackers were identified after an IRS-CI special agent analyzed the bitcoin deposits and withdrawals in the blockchain. This allowed the transactions to be de-anonymize.

Mason Sheppard was found out partly because he used his personal driver’s license to verify himself with Binance and Coinbase. His accounts sent and received some of the scammed bitcoins. Nima Fazeli also used a driver’s license to verify with Coinbase and the account was used to receive payments for stolen Twitter usernames.

Correlating data from three platforms — Discord, OGUsers, Coinbase, the FBI was able to track hacker identities and link them to email and IP addresses.

Details of the hack/scam

Twitter said that hackers targeted 130 accounts, tweeting from 45 of those accounts and accessed direct messages of 36 accounts. They also downloaded data from seven Twitter users.

With the Bitcoin-related tweets from high-profile accounts, the hackers were able to generate 415 bitcoin transfers into a cryptocurrency account controlled by them, earning more than $117,000. Later, Coinbase blocked transactions to the scam addresses, preventing another $280,000 from being sent to the hackers.

Source 1 | Source 2 | Source 3