Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence

The hacker responsible for breaking into the X account of the U.S. Securities and Exchange Commission (SEC) and posting false information is facing a maximum prison sentence of five years after pleading guilty on Monday. 

Eric Council Jr., a 25-year-old native of Athens, Alabama, pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud. His sentencing hearing is scheduled for May 16.

Council was arrested by the FBI in October for his role in a January 2024 incident that caused the price of bitcoin to swing wildly. 

The SEC’s X account was taken over and used to share false information about plans to approve exchange-traded funds (ETFs) that contain cryptocurrency like bitcoin. ETFs are a type of investment fund that are traded on stock exchanges. Cryptocurrency advocates have long sought the ability to include cryptocurrency like bitcoin in ETFs and the rule allowing it was eventually approved. 

In court documents, prosecutors said Council worked with others to gain control of the SEC account through an unauthorized Subscriber Identity Module (SIM) swap. SIM swaps are when hackers get phone companies to reassign a cell phone number from the legitimate subscriber to a SIM card controlled by the fraudster. 

The Justice Department said Council and the others created fake IDs that allowed them to take over accounts, which then gave them access to online social media accounts linked to the victim’s cell phone number. 

The indictment says Council used an ID card template with the victim's name and his own face, printed it and traveled to an AT&T store in Huntsville, Alabama, to conduct the SIM swap. 

Council claimed he was an FBI employee "who broke his phone" and needed a new SIM card and then went to an Apple store to buy a new iPhone and put the new SIM card into it. 

This allowed him to receive two-factor security reset codes needed to take over the @SECGov account on X. The same day, Council drove to Birmingham and returned the iPhone at another Apple store. 

The indictment adds that Council searched on Google for "SECGOV hack," and "how can I know for sure I am being investigated by the FBI," and "how long does it take to delete telegram account" as well as other queries related to whether he was being monitored by the FBI. 

At the time of the incident, X confirmed that an investigation revealed that the account compromise “was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

The X statement, which came from the site’s safety team, claimed the account did not have two-factor authentication enabled, something disputed in the indictment. 

Prosecutors believe Council and those involved were trying to manipulate the cryptocurrency market. The false tweet caused the price of a single bitcoin to increase by about $1,000. A follow-up message from the SEC confirming the information was fake caused the price to tumble by $2,000 per bitcoin.  

Council was paid in bitcoin by his co-conspirators. 

X continues to face issues with protecting high-profile accounts from cryptocurrency-focused takeovers. 

“The platform in question has become increasingly vulnerable to abuse, while simultaneously serving as a critical media tool for influencers, brands, and even governments,” Tom Hegel, principal threat researcher at SentinelLabs, said last week after releasing a report on the issue.

“In short, the financial incentives are greater than ever, and in some cases, abusing these platforms has only become easier over time."

As an example of recent activity, the report spotlights several recent incidents, including attacks on accounts owned by the Tor Project, NASDAQ and others.