US federal prosecutors have recommended a two-year prison sentence for Eric Council Jr., the Alabama man who orchestrated a high-profile hack of the Securities and Exchange Commission’s (SEC) official X (formerly Twitter) account in January 2024.
The breach was a scam post claiming that the SEC had approved Bitcoin exchange-traded funds (ETFs), causing significant market disruption. The tweet caused Bitcoin’s price to surge by more than $1,000 before being taken down.
US prosecutors said the case warranted a prison sentence within the recommended guidelines. They explained that the Council had profited from a sophisticated fraud scheme that involved using fake identification documents, misleading actions at telecommunications stores, and sharing password reset codes for victim accounts with co-conspirators in the United States and overseas.
Council, 25, of Athens, Alabama, had previously pleaded guilty to one count of conspiracy to commit aggravated identity theft and access device fraud in January. He claimed he had used a “SIM swap” attack to illicitly access the SEC’s X account.
This hack, in turn, enabled him to pose as a federal employee, conning a telecommunications company into transferring the employee’s telephone number to a SIM card in the name of the Council. Once in possession of the phone number, Council compromised the account, stole the details needed to access the account, and shared them with the co-conspirators who posted the sham post.
The post circulated rapidly and caused widespread anxiety in the crypto industry, as many investors eagerly await an official decision on spot Bitcoin ETFs.
The day after the bogus post, the commission greenlighted the ETFs — this time in a real announcement.
Council is awaiting sentencing, which is set for May 16 in a federal court in Washington.
Hacker fakes SEC Bitcoin ETF approval in SIM swap attack
Eric Council Jr made $50,000 performing the attack and even searched how to tell if the FBI was investigating him, recent filings show.
At the time of the hack, many noted that the commission had a lot of Bitcoin ETFs on its plate that it needed to get to in the new year. Eric Council’s post led to confusion and speculation among supporters.
The Securities and Exchange Commission issued an official release the day after, consenting to the ETFs. But at that point, the damage had already been done.
The hacker had employed a fake ID to persuade a mobile phone service provider to release a new SIM card tied to the exchange commission’s phone number. He later received a password reset code for the SEC’s X account and provided it to his co-conspirators.
Council’s attack exposes SEC’s cyber weakness
The hack revealed gaping holes in the commission’s digital security systems. At the time, multi-factor authentication (MFA) had been disabled on the SEC’s X account because of internal access concerns.
This made it easier for Council and his group to take over the account. Following the breach, the commission stated that it had re-enabled Multifactor authentification on all official accounts and advised the public to continue visiting its website for the latest official news.
Council’s case is playing out as changes in leadership are roiling the US Justice Department. Most recently, President Donald Trump named acting US Attorneys in several districts, including Washington, D.C., without the approval of the Senate.
Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
