- Hacker Pleads Guilty: Eric Council Jr. admitted to conspiracy and fraud charges after hijacking the SEC’s X account to post false Bitcoin ETF approval news.
- SIM-Swapping Scheme: Council used identity theft and a fabricated ID to manipulate AT&T into transferring control of the SEC account’s phone number.
- Sentencing in May: Council faces up to five years in prison, with investigators uncovering evidence that he suspected law enforcement was tracking him.
A hacker has pleaded guilty to charges related to the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) official X account, which was used to spread false information about Bitcoin. Eric Council Jr., a 25-year-old from Alabama, admitted to conspiracy to commit aggravated identity theft and access device fraud in connection with the January 2024 incident. The breach led to a brief but significant spike in Bitcoin’s value after fake news about the approval of Bitcoin Exchange Traded Funds (ETF) was posted on the SEC’s account.
Council used a SIM-swapping technique to gain control of a phone number linked to the SEC’s account. He transferred the number to a newly purchased iPhone after obtaining the personal details of an individual with access to the account. To complete the scheme, he fabricated an identification document and convinced AT&T to grant him control of the phone number. Once in possession of the account’s recovery codes, his unnamed co-conspirators used the access to post fraudulent messages under the SEC’s name.
The fake announcement, which falsely attributed a quote to then-SEC Chairman Gary Gensler, claimed that Bitcoin ETFs had been approved. This misleading information caused Bitcoin’s price to surge by over $1,000 in a short period. Council’s co-conspirators paid him in Bitcoin for his role in facilitating the hack. Authorities have not disclosed whether any of them have been identified or charged.
Following his arrest, investigators uncovered internet searches made by Council that suggested he was aware of potential law enforcement scrutiny. One of his searches included phrases related to signs of being under investigation by agencies such as the FBI, indicating possible concerns about being caught before his eventual apprehension.
Council is set to be sentenced on May 16 and faces a maximum prison term of five years. The case underscores the ongoing risks posed by cybersecurity breaches, particularly in financial markets where false information can lead to immediate and widespread consequences.
