- Eric Council Jr. exploited a federal employee’s phone number using fake ID in a SIM swap to access the SEC’s official social media account.
- The hack caused Bitcoin’s value to temporarily spike by over $1,000 due to a fake announcement regarding ETF approvals.
- Council profited $50,000 from the scam and will be sentenced following federal prosecutors’ recommendation for a two-year prison term.
Eric Council Jr., a 25-year-old from Athens, Alabama, is facing a two-year prison sentence after pleading guilty to hacking the Securities and Exchange Commission’s X account in January 2024. Federal prosecutors filed their sentencing recommendation ahead of Council’s court date on May 16 in Washington.
The breach led to a false announcement about the approval of Bitcoin exchange-traded funds. This misleading post caused Bitcoin’s price to jump by over $1,000 before the SEC removed the tweet. At the time, interest in Bitcoin ETFs was growing, and the unauthorized post spread quickly across the market.
Sophisticated SIM Swap Scheme Executed
Council gained access to the SEC’s X account through a SIM swap attack. He used fake identification to convince a mobile provider to issue him a SIM card tied to a federal employee’s number. Once he controlled the number, he obtained a password reset code for the SEC’s social media account and shared it with co-conspirators, who published the fraudulent ETF approval.
Prosecutors revealed Council made $50,000 from the scheme. Court filings show he conducted online searches to determine whether federal investigators were tracking him. He also used the identity theft tools to help others gain unauthorized access to online accounts.
SEC Security Protocols Exposed
The hack exposed security flaws within the SEC. At the time of the incident, multi-factor authentication on the SEC’s X account had been disabled due to internal concerns. This allowed attackers to exploit the account with less resistance. The agency has since re-enabled additional security measures on its official accounts.
The SEC officially approved spot Bitcoin ETFs a day after the false post. However, the incident had already caused confusion among investors and drew widespread attention to the SEC’s cybersecurity practices.
