Eric Council Jr., a 25-year-old from Athens, Alabama, pleaded guilty on February 10, 2025, to charges stemming from the January 2024 hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter).
The breach involved a fraudulent announcement that caused Bitcoin’s price to rise by more than $1,000 before dropping by $2,000 when the scam was exposed.
Court documents reveal that the Council conspired with accomplices to execute a Subscriber Identity Module (SIM) swap attack, gaining unauthorized control of the SEC’s X account.
The conspirators posted a fake message claiming that the SEC had approved Bitcoin Exchange Traded Funds (ETFs) a highly anticipated decision in the cryptocurrency market.
The false announcement created immediate instability in the markets, with Bitcoin’s value spiking until the SEC addressed the misinformation and regained control of its account.
The fraudulent post read: “Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection.”
This misleading statement exploited market optimism surrounding Bitcoin ETFs, which were expected to attract significant institutional investments.
Technical Execution: SIM Swap Attack
The attack was orchestrated through a SIM swap, a method where hackers manipulate telecom providers into reassigning a victim’s phone number to a SIM card controlled by the attacker.
Council used a counterfeit identification card containing stolen personal information—provided by his co-conspirators—to impersonate an individual with access to the SEC account.
By gaining control of the victim’s phone number, Council reset the account credentials, enabling his accomplices to post the fraudulent announcement.
The Department of Justice highlighted that the Council received approximately $50,000 in Bitcoin as payment for his role in the scheme.
Investigators also uncovered internet searches on Council’s personal computer, indicating his concern about potential FBI investigations.
Council pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud.
He faces up to five years in federal prison and is scheduled for sentencing on May 16, 2025. Additionally, he has agreed to forfeit $50,000 in illicit proceeds from the operation.
The case underscores the severe repercussions of cybercrimes targeting financial institutions and regulatory bodies.
Notably, this incident highlights critical vulnerabilities in digital and telecommunications infrastructure. SIM swapping remains a prevalent method for cybercriminals to bypass two-factor authentication systems linked to sensitive accounts.
The SEC has since reassessed its cybersecurity protocols and reiterated that official announcements are made exclusively through its website.
The case also demonstrates how misinformation can manipulate financial markets within minutes. The temporary spike in Bitcoin’s price following the fake ETF approval underscores the influence of regulatory announcements on cryptocurrency valuations.
As cryptocurrencies gain mainstream traction, this case serves as a caution about safeguarding digital assets and regulatory communications against sophisticated cyberattacks.
PCI DSS 4.0 & Supply Chain Attack Prevention – Free Webinar