The Kid Who Hacked the Whole Internet (And Twitter Did Nothing)

July 15, 2020. Elon Musk tweets: “Send me $1,000 in BTC, I’ll send you $2,000 back.” Same message from Obama, Bezos, Biden, Apple — all at once.

People actually believed it. $110,000 in Bitcoin flowed into hacker wallets in minutes.

Here’s the thing: It wasn’t some Russian syndicate. It wasn’t even an adult. It was Graham Ivan Clark — a 17-year-old from Florida with a phone, a laptop, and zero chill.

How a Broke Kid Became the Internet’s Biggest Problem

Graham didn’t start by hacking Twitter. He started small — running Minecraft scams, hacking YouTubers, stealing social media accounts. By 16, he’d mastered SIM swapping: calling phone companies, convincing them to transfer someone’s number to him, then draining their email/crypto wallet.

One victim? A venture capitalist who lost over $1 million in BTC. When he complained, Graham’s crew replied: “Pay or we’ll come after your family.”

Money made him reckless. He scammed his own hacker partners. Enemies showed up at his door. Someone got shot dead. He fled, got raided, cops found 400 BTC ($4M). He was a minor — so he kept most of it legally.

The $110,000 Tweet

By 2020, during COVID, Twitter staff worked from home. Graham and another teenager pretended to be IT support, sent fake login pages to employees, and climbed Twitter’s internal network until they found “God mode” — an account that could reset any password on the platform.

Suddenly, two kids controlled 130 of the world’s most powerful Twitter accounts.

They could’ve crashed markets, leaked DMs, started fake wars. Instead? They just ran a straight-up crypto scam.

The Aftermath

FBI caught him in two weeks. 30 felony counts. Potential sentence: 210 years.

He served 3 years in juvenile prison. Walked free at 20. Never got caught again.

Today? Graham’s out, wealthy, and X (Twitter’s new name) is flooded with the exact same crypto scams he pioneered.

The Real Lesson

Graham didn’t hack code — he hacked people. Social engineering beats firewalls every single time because:

• Humans trust urgency (they don’t)
• Humans share credentials with “support” (they shouldn’t)
• Humans believe blue checkmarks (they’re easiest to fake)

The system wasn’t broken. The people running it were.

That lesson is still worth billions.