The teenager who hacked the accounts of prominent Twitter users last year has been sentenced to three years in juvenile detention after pleading guilty.
Graham Clark orchestrated the hijacking of high profile Twitter accounts belonging to Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Kanye West, tech giant Apple, and dozens of others in order to trick people into sending him bitcoin.
Clark's scam involved tweeting statements like “all Bitcoin sent to my address below will be sent back doubled” from accounts with millions of followers and led to Twitter briefly suspending verified accounts from posting.
All told, Clark received around 12.9 bitcoin in the scam – worth over $900,000 today.
On Tuesday, the 18-year-old plead guilty to 30 fraud and hacking charges in a Florida court where he was sentenced to three years in a juvenile detention facility, followed by three more years of probation.
Because he was only 17 at the time of the incident, the state charged Clark as a minor.
The separate charges carry a combined maximum sentence of 85 years for adults.
“Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences,” said Hillsborough State Attorney Andrew Warren in a statement.
“In this case, we’ve been able to deliver those consequences while recognising that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”
Some of the tweets sent out during the scam. Image: FBI
Clark's probation comes with a set of special conditions restricting his access to electronic devices and the internet.
He is prohibited from using computers or the internet without permission, must relinquish all login credentials for services he uses, and must use his "true identity" when he does go online.
If he breaches parole, the hacker will need to serve ten years in prison.
Clark got hold of the accounts through a spear-phishing campaign targeting Twitter staff. Using their credentials, he accessed internal tools to disable two-factor authentication then reset the passwords of more than 130 accounts.
Clark's lawyer said he has given back the ill-gotten cryptocurrency gained through his scam.