- Eric Council Jr. faces two years in prison for hacking the SEC’s X account to post fake news.
- The SIM swap attack led to a false Bitcoin ETF claim, causing price to fluctuate by $1,000.
- Council earned $50,000 from SIM swap attacks and was caught trying another fraud in June 2024.
In January 2024, a false post was made on the X account of the Securities and Exchange Commission (SEC), which shook the crypto market. The post made a fake statement that the SEC had approved Bitcoin exchange-traded funds (ETFs). This caused Bitcoin’s price to grow by more than $1,000. However, the announcement was deleted immediately by the SEC, and the actual approval came the next day.
Eric Council Jr., who was involved in the attack, is now facing a two-year prison sentence. U.S. Prosecutors have recommended the sentence after Council pleaded guilty to his role in the SIM swap attack. The attack compromised the SEC’s X account, leading to the fake announcement about Bitcoin ETFs, which caused significant disruption in the market.
According to recent filings, Council profited around $50,000 from similar attacks. He used fake identity documents to impersonate individuals with access to secure accounts. He then deceived an AT&T employee into transferring the victim’s phone number to his SIM card, gaining access to their accounts. This method, known as SIM swapping, allowed Council to take control of the SEC’s social media account. He then posted the fraudulent news.
During a search of the Council’s residence and devices in June 2024, investigators found online searches related to FBI investigations. They also discovered that the Council had been charging between $1,200 and $1,500 per SIM swap. These SIM swaps were done for clients between January and June 2024.
Council’s activities came to an end when he was caught attempting another SIM swap at an Apple store in June 2024. Authorities then found fake ID templates on his laptop. Council admitted to his actions and was charged with conspiracy to commit aggravated identity theft and access device fraud.
Related: SEC Ends XRP Lawsuit With Ripple in $50M Settlement Deal
The breach of the SEC’s X account highlighted significant security flaws. At the time, the SEC’s account lacked two-factor authentication, a feature that had been removed at the SEC’s request. This vulnerability contributed to the breach, which caused Bitcoin’s price to fluctuate dramatically, wiping out millions of dollars in market positions.
Council’s sentencing is set for May 16, 2025. The case has drawn attention to the growing risks of digital asset security and the need for stronger protections.
