A recent guilty plea in a high-profile hacking case has shed light on the vulnerabilities in online account security and the potential ripple effects on cryptocurrency markets. Eric Council, a 25-year-old from Athens, Georgia, has admitted to charges related to the hacking of the US Securities and Exchange Commission’s (SEC) X account in January last year. This incident caused a brief but significant spike in the price of Bitcoin after a fraudulent post falsely claimed SEC approval of Bitcoin exchange-traded funds.
Court documents reveal that Council, along with co-conspirators, conducted Subscriber Identity Model (SIM) swaps to gain unauthorized access to the @SECgov X account. A SIM swap attack involves fraudulently inducing a mobile carrier to reassign a victim’s mobile phone number to a SIM card controlled by the criminal, allowing access to valuable information associated with the victim’s telephone. In this case, Council used forged identification and deceptive tactics to secure a replacement SIM card and access the SEC’s X account, sharing the login credentials with his associates.
The fraudulent post announcing SEC approval of Bitcoin ETFs, although entirely false, caused Bitcoin’s price to rise by over $1,000 before falling more than $2,000 once the SEC regained control of its account and discredited the message. With Bitcoin ETFs being a hot topic among investors at the time, any news—whether true or false—had the potential to significantly impact the crypto market. The SEC’s official account is particularly influential, and genuine approval of Bitcoin ETFs was seen as a major milestone in the crypto space.
Council’s plea agreement revealed further details about his involvement in SIM swapping and other fraudulent activities. In addition to the SEC incident, he admitted to attempting additional SIM swaps and was found in possession of fake identification templates and a portable ID printer. He acknowledged receiving approximately $50,000 in payments for his role in the conspiracy, including the SIM swap that led to the SEC breach.
Council has pleaded guilty to one count of conspiracy to commit aggravated identity theft, which carries a potential maximum sentence of five years in prison, a fine of up to $250,000, and up to three years of supervised release. His sentencing is scheduled for May 16, 2025.
This case highlights the importance of robust online account security measures and the potential impact of cybercrime on cryptocurrency markets. It serves as a reminder for individuals and organizations to remain vigilant against hacking attempts and to implement strong security protocols to protect sensitive information and assets in the digital age.