The 17-Year-Old Hacker Who Bypassed Elon Musk and Stole Millions in Bitcoin

The Real Story Behind the Biggest Social Engineering Attack on Twitter

It was not a cyberwar. It was not a Russian elite syndicate. It was a broken teenager from Florida armed with a laptop, a phone, and the audacity to change Silicon Valley. Graham Ivan Clark did something that no one thought possible: he didn't hack code — he hacked people.

The Tuesday That Changed Everything

On July 15, 2020, verified accounts of Elon Musk, Obama, Bezos, and Apple posted the same thing:

“Send me $1,000 in BTC and I'll send you back $2,000.”

It looked like a meme. It wasn't. In hours, over $110,000 in Bitcoin flowed to wallets controlled by the attacker. Twitter disabled all globally verified accounts for the first time in its history.

The responsible one? A 17-year-old boy from Tampa, Florida.

From Scams in Video Games to Controlling Twitter

Graham grew up without money, without direction. While others played Minecraft, he scammed players by selling them fake items. At 15, he joined OGUsers, a hacker forum where he learned social engineering — he didn't need to know programming, just psychology.

At 16, he mastered SIM swapping: convincing phone employees to gain control of other people's numbers. With that, he gained access to emails, crypto wallets, bank accounts. His victims included high-profile crypto investors who posted their wealth online. Venture capitalist Greg Bennett woke up one day without $1 million in BTC.

The Final Jump: Twitter From the Inside

In mid-2020, Graham had a goal: to hack Twitter before turning 18. During the COVID lockdowns, employees worked remotely from personal devices.

Graham and his accomplice pretended to be internal technical support. They called saying they needed to “reset credentials” and sent fake login pages. Dozens of employees fell for it. Gradually, they accessed internal accounts — until they found an account with “God mode”.

Suddenly, two teenagers controlled 130 of the most powerful accounts on the planet.

The Tweet of $110,000

At 8 PM, the tweets went out. Global chaos. Blue checks blocked. Celebrities in panic.

Hackers could have crashed markets, leaked private DMs, posted false war alerts. Instead, they just collected crypto. Because it wasn't about money — it was about proving they could control the biggest megaphone on the internet.

The Capture and Legal Escape

The FBI tracked him in two weeks — IP logs, Discord messages, SIM data. Graham faced 30 criminal charges. Potential: 210 years in prison.

But he negotiated a deal. As he was a minor, he served only 3 years in juvenile prison and 3 years of probation. He was arrested at 17. He was released at 20. And he kept most of the money — legally.

The Ironic Turn

Today, Graham is free. Wealthy. X (formerly Twitter) under Elon is flooded with daily crypto scams. The same tactics that made him rich work every day on millions of users.

He tested a brutal truth: you don't need to break the system if you deceive the people who run it.

How Not to Be the Next Victim

• Discard urgency. Real businesses do not ask for instant payments.
• Never share codes or credentials
• Do not trust verified accounts. They are the easiest to impersonate.
• Verify URLs before logging in

The attack on Twitter was not technical — it was psychological. Fear, greed, and trust remain the most exploitable vulnerabilities on the planet.