Eric Council Jr., a 26-year-old from Huntsville, Alabama, was sentenced Friday to 14 months in federal prison and three years of supervised release for his role in the high-profile hack of the U.S. Securities and Exchange Commission’s (SEC) official X account.
The breach, which occurred in January 2024, triggered a brief but dramatic spike in Bitcoin (BTC) prices after a fraudulent post falsely claimed the SEC had approved Bitcoin Exchange Traded Funds (ETFs).
The Attack: SIM Swapping and Social Engineering
According to court documents, Council orchestrated a sophisticated SIM swap attack-a form of cybercrime where an attacker fraudulently convinces a mobile carrier to transfer a victim’s phone number to a SIM card under the attacker’s control.
This technique allows criminals to intercept calls and SMS-based two-factor authentication (2FA) codes, enabling unauthorized access to sensitive accounts.
Council obtained personally identifiable information (PII) of an SEC employee from co-conspirators and used a portable ID card printer to create a convincing fake driver’s license.
Armed with this counterfeit identification, he visited an AT&T store in Huntsville and persuaded staff to reassign the victim’s phone number to a SIM card in his possession.
He then purchased a new iPhone, inserted the compromised SIM, and requested a password reset for the @SECGov X account.
The reset code, delivered via SMS, was photographed and sent to his co-conspirators, who used it to seize control of the SEC’s social media presence.
Market Impact: False ETF News and Price Volatility
Once in control of the SEC’s X account, Council’s accomplices posted a message in the name of the SEC Chairman, falsely announcing the regulatory approval of Bitcoin ETFs.
This announcement was highly anticipated by the market, and within minutes, the price of Bitcoin surged by over $1,000 per BTC.
However, after the SEC quickly regained control of its account and issued a correction, BTC’s price plummeted by more than $2,000, highlighting the vulnerability of financial markets to social media-driven misinformation.
Legal Proceedings and Sentencing
Council pleaded guilty in February to conspiracy to commit aggravated identity theft and access device fraud.
He admitted to receiving approximately $50,000 in Bitcoin as payment for his role in the scheme.
In addition to his prison sentence, Council was ordered to forfeit the illicit proceeds and is barred from accessing the dark web or committing further identity fraud during his supervised release.
Federal prosecutors emphasized the seriousness of the offense, noting that such cyber-enabled market manipulation threatens the integrity of U.S. financial systems.
“The deliberate takeover of a federal agency’s official communications platform was a calculated criminal act meant to deceive the public and manipulate financial markets,” said Darren Cox, Acting Assistant Director of the FBI’s Criminal Investigative Division.
Broader Implications: Security Lapses and Market Manipulation
The incident also exposed critical security lapses at the SEC, which reportedly did not have two-factor authentication enabled on its X account at the time of the breach.
The hack occurred amid heightened anticipation for regulatory approval of spot Bitcoin ETFs, amplifying the impact of the false announcement.
Council’s case underscores the growing threat of SIM swap fraud and the potential for cybercriminals to exploit social engineering and technical weaknesses to manipulate digital asset markets.
The Justice Department and SEC officials reiterated their commitment to prosecuting cyber fraud and protecting both investors and the integrity of financial markets.
Technical Terms and Codes
- SIM Swap Attack: Unauthorized transfer of a victim’s mobile number to a SIM card controlled by an attacker, often used to bypass SMS-based 2FA.
- Aggravated Identity Theft (18 U.S.C. § 1028A): Federal offense involving the use of another person’s identity in connection with certain felonies.
- Access Device Fraud (18 U.S.C. § 1029): Fraudulent use of devices or credentials to gain unauthorized access to accounts or systems.
- Two-Factor Authentication (2FA): A Security process requiring two separate forms of identification for account access.
- Bitcoin ETF: An Exchange fund that tracks the price of Bitcoin, allowing investors to gain exposure without directly holding the cryptocurrency.
The council’s sentencing serves as a warning to cybercriminals and highlights the ongoing need for robust cybersecurity practices across government and financial institutions.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?resize=1600,900&ssl=1&description=The breach, which occurred in January 2024, triggered a brief but dramatic spike in Bitcoin (BTC) prices after a fraudulent post falsely claimed){kind=link}