Man Gets 14 Months in Jail for Role in SEC's X Account Hack that Pumped Fake Bitcoin ETF Hype
A federal court has handed down a sentence to Eric Council Jr., a 26-year-old from Athens, Alabama, who played a key role in the hacking of the Securities and Exchange Commission's (SEC) X account. The incident, which occurred on January 9, 2024, led to a false announcement that the SEC had approved spot Bitcoin ETFs, causing a significant surge in the cryptocurrency's price.
Council, who pleaded guilty to conspiracy to commit aggravated identity theft in February, was sentenced to 14 months in prison by District Court Judge Amy Berman Jackson on Friday. The sentence is a result of Council's involvement in SIM swap attacks on the SEC's official X account (@SECgov), which allowed him and his co-conspirators to gain unauthorized access to the account.
According to court documents, Council used a fake ID to impersonate a customer at an AT&T store and obtained a SIM card tied to the SEC's mobile number. He then activated the SIM card on a new iPhone and received password reset codes for the SEC's X account. After capturing these codes, Council shared them with his co-conspirators, who successfully accessed the SEC's X account and dropped the false announcement about the approval of spot Bitcoin ETFs.
The post sent Bitcoin's price soaring by more than $1,000 in minutes, before plummeting over $2,000 after the SEC clarified the breach. The hack occurred just one day before the SEC greenlit the first batch of spot Bitcoin ETFs in the US.
The Role of Council and his Co-Conspirators
Council did not author the post that directly triggered Bitcoin's price action, but prosecutors stated he played a key role in enabling the scheme. "Council brazenly used SIM-swapping and identity theft to manipulate the Bitcoin market in an attempt to line his and his co-conspirators' pockets," said FBI Washington Field Office Assistant Director Steven J. Jensen.
Investigators also found that Council had been involved in other attempted SIM swaps and identity fraud efforts. During a June 2024 search of his apartment, agents recovered a portable ID printer, a fake ID card, and a laptop containing templates for additional forged documents. Internet searches discovered on his devices included "SECGOV hack," "telegram sim swap," and "what are some signs that the FBI is after you," to name a few.
Consequences of the Hack
Council must forfeit $50,000 – the exact amount he received for performing SIM swaps. He will also serve three years of supervised release with restrictions on accessing the dark web and engaging in identity-related crimes.
The hack also exposed major cybersecurity weaknesses within the SEC. An undisclosed report shared last December found that the SEC's cybersecurity infrastructure was "not effective" and "needs additional improvement" in several areas. This incident highlights the importance of robust cybersecurity measures to prevent similar breaches in the future.