Eric Council Jr., a 25-year-old from Alabama, has admitted in court to hacking the U.S. Securities and Exchange Commission’s (SEC) official X (formerly Twitter) account in a scheme to manipulate Bitcoin prices. Council pleaded guilty to conspiring with others to take over the SEC account and post a fraudulent message about Bitcoin exchange-traded funds (ETFs) being approved by the SEC.
The incident occurred in January 2024 when a false announcement was posted, claiming that the SEC had approved the trading of Bitcoin-linked ETFs. The message briefly caused Bitcoin’s value to surge by over $1,000. However, once the SEC regained control of the account, it confirmed that the message was a hoax, causing Bitcoin’s value to plummet by more than $2,000.
To access the SEC’s X account, Council executed a SIM swapping attack—a method of cybercrime where a hacker impersonates the victim to gain control of their phone number. Council used stolen personal information to create a fake ID and convinced AT&T employees to transfer the victim’s number to a SIM card he controlled. He and his co-conspirators then used the phone number to generate password reset codes, allowing them to access the SEC account and post the fraudulent Bitcoin announcement.
Council received cryptocurrency payments for his role in the scheme, which targeted a high-profile account with significant consequences for financial markets. He has pleaded guilty to charges including conspiracy to commit aggravated identity theft and access device fraud. Council now faces up to five years in prison, with sentencing scheduled for May 16, 2025.
The case highlights the growing risks of SIM swapping attacks and the potential for such breaches to disrupt financial systems and digital security.
SEC Crest on Flickr by ebayink CC BY-NC-ND 2.0
