The group’s attacks have one big thing in common: They take advantage of human fallibility rather than code vulnerability. These so-called social engineering attacks are growing in sophistication, and while the Twitter case is being prosecuted vigorously, the broader problem is unlikely to end soon, security experts said.

The New York Times reported the alleged mastermind was a part of the “OG” users community, which traffics in short unique online handles, such as a single character or word on social media. The hackers are also known for SIM swapping, a tactic that has long plagued the world of crypto.

Florida resident Graham Clark was arrested on July 31. State Attorney Andrew Warren filed 30 felony charges, including organized fraud, communications fraud, fraudulent use of personal information and access to computer or electronic devices without authority, WFLA reported.

Clark allegedly masterminded the hijacking of 130 prominent Twitter accounts, scamming their followers out of $140,000 worth of bitcoin. That was a relatively paltry sum considering the high-profile accounts involved including Elon Musk and former President Barack Obama. But the attackers could have sown much chaos considering they controlled the megaphones of a presidential candidate (former Vice President Joe Biden) and several CEOs.

The social media platform was compromised in mid-July after a successful “social engineering” attack targeting its employees, Twitter initially concluded. A later update was more precise, saying employees fell victim to “phone spear-phishing” attacks.

Social engineering is a broad term that encompasses many methods of exploitation, said Allison Nixon, chief research officer at Unit221B, a cybersecurity firm. It can involve everything from bribery and coercion to phishing, she said.

According to a government affidavit, Clark convinced a Twitter employee he was a co-worker in the IT department. The employee then provided credentials to access the customer service portal.