A 17-year-old has been arrested in Tampa, Florida, and is accused of being the lead actor behind the Twitter cryptocurrency hack.
Hillsborough, Florida, has filed 30 felony charges against Graham Clark in connection with the July 15 Twitter attack. That attack resulted in dozens of high-profile Twitter accounts, including Apple's, posting a scam asking for a Bitcoin deposit that the post alleged would then be doubled.
According to State Attorney Andrew Warren, the hack and messages resulted in over $100,000 in Bitcoin transferred to an account held by the teen.
"I want to congratulate our federal law enforcement partners - the US Attorney's Office for the Northern District of California, the FBI, the IRS, and the Secret Service - as well as the Florida Department of Law Enforcement," State Attorney Warren said in a statement to WFLA. "They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud."
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly. — Twitter Comms (@TwitterComms) July 31, 2020
For the latest, see here https://t.co/kHty8TXaly
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet on Thursday. "By obtaining employee credentials, they were able to target specific employees who had access to our account support tools."
Clark allegedly used Twitter's admin privileges to bypass two-factor authentication protections on accounts. The attacker then changed the email and passwords of exploited accounts.
Beyond the statement, on Thursday, Twitter provided additional information about the attack, again saying a total of 130 Twitter accounts were targeted in the operation. Tweets were sent out from 45 accounts, including Apple, Elon Musk and Jeff Bezos.
In addition to the Tweets asking for Bitcoin, the direct message inboxes of 36 accounts, not yet named, were accessed. Undisclosed "Twitter Data" from seven accounts was also downloaded, Twitter says.