The young hacker accused of being the mastermind behind a breach last year of high-profile Twitter accounts pleaded guilty on Tuesday in a Florida court, agreeing to serve three years in juvenile prison.
Graham Ivan Clark, 18, faced fraud charges after a hack that compromised Twitter accounts belonging to Elon Musk, Jeff Bezos and former President Barack Obama, among other celebrities. Under Mr. Clark’s control, the accounts tweeted fraudulent messages soliciting Bitcoin, promising to double the money of anyone who sent cryptocurrency.
“No Bitcoin currency was returned as promised to these victims,” said Darrel Dirks, a prosecutor with the Florida state attorney’s office. The scheme netted Bitcoin worth more than $100,000 before it was shut down.
The attack took control of Twitter’s internal systems that are used to manage accounts, and caused a mass shutdown of verified Twitter accounts as the company scrambled to push the hackers out of its systems.
The breach raised questions about Twitter’s corporate security and generated speculation that state-sponsored hackers could be responsible, rather than teenagers.
Mr. Clark grew up in Tampa and, as a child, found ways to trick players of the video game Minecraft, people who knew him at the time told The New York Times. He moved on to selling and swapping rare social media user names on the forum OGUsers, where he connected with other hackers who said they participated in the Twitter breach. Two other young men, Nima Fazeli and Mason Sheppard, were also arrested and faced charges related to the hack.
As part of the plea deal, Mr. Clark agreed to three years in juvenile prison followed by three years of probation. He also agreed not to use computers without permission or supervision from law enforcement. If he violates the terms of the deal, he could face 10 years in adult prison.
Because Mr. Clark is classified as a youthful offender, he may be eligible to serve some of his sentence in a boot camp. He turned over the cryptocurrency he owned at the time of his arrest, prosecutors said, and it will be used to pay restitution to the victims of the hack. He will receive 229 days credit for time served since his arrest last year.
“He took over the accounts of famous people, but the money he stole came from regular, hard-working people. Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences,” Hillsborough’s state attorney, Andrew Warren, said in a statement. “In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”
David Weisbrod, a lawyer for Mr. Clark, declined to comment on the plea deal.