For many years, we’ve heard stories about hackers with almost mythical abilities — masters of social engineering who could trick people into giving away secrets without using threats or force, simply by persuading them to act carelessly from a cybersecurity point of view.
The trouble is that these stories often distort how people see reality. With so many examples circulating, you might assume everyone would be alert to such tactics by now. Unfortunately, that’s far from the truth. Below are three striking real-world cases from recent years that prove social engineering remains one of the most effective threats today.
Even a teenager managed to outsmart the CIA director
This episode could have been the plot of a Hollywood comedy titled Hackers versus Spies rather than a thriller.
Back in October 2015, a hacker group calling itself Crackas With Attitude gained access to CIA Director John Brennan’s personal AOL account through social engineering. Soon after, one of the group members gave an interview to the New York Post, claiming to be just a high-school student.
Although Brennan’s account was private, it contained plenty of sensitive material: social security numbers of top U.S. intelligence officials and even Brennan’s own 47-page application for top-secret clearance.
The following month, the hackers shifted focus, targeting the AOL accounts of FBI Deputy Director Mark Giuliano and his wife. This time they leaked a database with names, emails, and phone numbers of more than 3,500 U.S. law enforcement officers.
In early 2016, the same group compromised accounts belonging to James Clapper, the Director of National Intelligence, and later dumped data from 9,000 DHS employees and 20,000 FBI staff — claiming they had penetrated the U.S. Department of Justice.
The group’s downfall came quickly. In February 2016, British teenager Kane Gamble, then only 15, was arrested and later sentenced to two years in prison (serving eight months) along with a temporary internet ban. Two older American members, Andrew Otto Boggs and Justin Gray Liverman, were also caught and jailed. During the investigation, it emerged that Gamble had spent months impersonating the CIA director, tricking support staff into handing over passwords that gave him access to classified documents on operations in Afghanistan and Iran. Their arrogance in mocking top officials in public ultimately led to their capture.
Twitter accounts of world leaders and tech giants hijacked
On July 15, 2020, Twitter was rocked by a massive breach. A wave of accounts started posting messages like: “Send me Bitcoin and I’ll send back double!” — the kind of scam seen countless times before. The twist was that these weren’t fake profiles but verified accounts of global figures and companies.
It started with crypto-related accounts such as Binance CEO Changpeng Zhao, Coinbase, and CoinDesk, but quickly escalated. Soon, accounts belonging to Apple, Uber, Elon Musk, Barack Obama, Kim Kardashian, Bill Gates, Jeff Bezos, Joe Biden, Kanye West, and many others were posting the same scam.
Tweet from Elon Musk’s hacked Twitter account Source
Within hours, the attackers collected over $100,000 in Bitcoin. But the bigger blow was to Twitter’s reputation. Investigations revealed the attackers had gained access to Twitter’s internal tools. Initially, rumors suggested insider involvement, but the truth was even more concerning.
The mastermind, 17-year-old Graham Ivan Clark, and his accomplices had simply tricked Twitter employees. By studying LinkedIn, gathering contact details, and posing as coworkers, they lured staff onto a fake login page, stealing passwords and two-factor codes. With this, they hijacked dozens of high-profile accounts. Clark was later sentenced to three years in prison and probation. Once again, youthful hackers used nothing more than persuasion and phishing to bring a major platform to its knees.
The $540 million Sky Mavis crypto heist
In 2022, Sky Mavis, the developer of the NFT game Axie Infinity, became the target of one of the biggest crypto thefts in history. The game, hugely popular in Southeast Asia, allowed players to earn cryptocurrency, attracting millions of daily users at its peak.
But in March 2022, attackers exploited the Ronin Network — the blockchain powering the game — and stole 173,600 ETH and 25.5 million USDC, valued at roughly $540 million at the time.
Investigators later revealed the scheme: hackers posed as recruiters on LinkedIn, offering fake job interviews to Sky Mavis staff. One senior engineer eventually received an offer letter in a malicious PDF, which gave attackers a foothold in the company’s network. With this access, they stole private keys needed to authorize transactions and drained the funds.
The stolen crypto was funneled through mixers, thousands of wallets, and eventually converted into Bitcoin. Analysts later attributed the attack to North Korea’s Lazarus Group. Only about 10% of the funds were recovered — and even less in dollar value, due to the crypto market crash that followed.