A 25-year-old Alabama man has pleaded guilty to charges related to the January 2024 hacking of the US Securities and Exchange Commission’s (SEC) X (formerly Twitter) account. This incident briefly caused a spike in the value of Bitcoin.
Eric Council Jr., of Athens, Alabama, admitted in court to conspiring with others to gain unauthorized access to the SEC’s official social media account.
The hackers used the compromised account to falsely announce that the SEC had approved Bitcoin exchange-traded funds (ETFs).
The long-anticipated decision, when falsely reported, drove the price of Bitcoin up by over $1000. Shortly after the SEC regained control and refuted the claim, Bitcoin’s value dropped by more than $2000.
SIM Swapping and Cybercrime Tactics
According to prosecutors, Council executed a technique known as SIM swapping to take over the SEC’s account. Using stolen personal information provided by co-conspirators, he created a fake identification card and used it to impersonate a victim with access to the SEC’s X account.
He then visited an AT&T store and, claiming to be a federal agent, persuaded staff to transfer the victim’s phone number to a SIM card in his possession. With this access, Council and his associates reset the credentials on the SEC’s X account and posted the fraudulent Bitcoin announcement.
Read more about the attack: Senators Demand Probe into SEC Hack after Bitcoin Price Spike
Court documents reveal that Council was compensated in Bitcoin and other cryptocurrencies for his role in the scheme.
His guilty plea includes charges of conspiracy to commit aggravated identity theft and access device fraud. These crimes carry a maximum sentence of five years in prison. His sentencing is scheduled for May 16.
Legal and Financial Implications
The case is being investigated by the FBI’s Washington Field Office and the SEC Office of Inspector General. Prosecutors handling the case include attorneys from the Justice Department’s Criminal Division and Fraud Section, along with an assistant US attorney from the District of Columbia.
The SEC’s social media breach underscores the vulnerabilities of high-profile online accounts and the potential consequences of misinformation in financial markets.
The incident highlights the growing threat of cyber-enabled financial crimes and the importance of robust security measures in protecting official communications.
Image credit: 24K-Production / Shutterstock.com