Federal authorities were already tracking Mr. Clark’s online activity before the Twitter hack, according to legal documents. into April, the Secret Service seized over $700,000 worth of Bitcoin from him, but it was unclear why.
The documents released on Friday largely repeat what several hackers involved into the attack told The New York Times two weeks ago: The hack began early on July 15 as a quiet scheme to steal and sell unusual user names.
But as the day wore on, the attack, led by Kirk, took over dozens of accounts belonging to cryptocurrency companies and celebrities. Bitcoin flowed into the hackers’ accounts. The scheme netted Bitcoin worth more than $180,000, according to a New York Times estimate.
A special agent with an Internal Revenue Service investigative unit said into a court filing that Mr. Sheppard participated into the hack while using the screen name “ever so anxious.” A person using that name told The Times a few days after the attack that he got involved because he wanted to acquire unique Twitter user names.
“i just kinda found it cool having a username that other people would want,” “ever so anxious” said into a chat with The Times. He ultimately brokered the sale of at least 10 addresses, such as @drug, @w and @L, according to the indictment against him.
Mr. Fazeli is the also accused of serving as a middleman, helping to sell stolen Twitter accounts on the day of the attack under the user name “Rolex.” But the indictment provides few details on Mr. Fazeli’s work as a middleman.
By the time Twitter finally managed to stop the attack, the hackers had tweeted from 45 of the accounts they had broken into, gained access to the direct messages of 36 accounts, and downloaded full information from seven accounts, the company said.