Eric Council Jr., a 26-year-old from Alabama, has been sentenced to 14 months in prison for his role in the January 2024 hack of the U.S. Securities and Exchange Commission’s (SEC) X account, a breach that temporarily manipulated Bitcoin’s market value through a fraudulent post about Bitcoin ETF approvals. The case highlights the persistent threat of SIM swap attacks and their potential to destabilize financial markets.
Technical Execution: Anatomy of the SIM Swap Attack
Council and his co-conspirators executed a SIM swap attack to hijack the SEC’s X account. Key steps included:
- Reconnaissance: Identifying a victim linked to the SEC’s account via their phone number.
- Fake ID Creation: Using a portable ID card printer to forge a driver’s license with the victim’s details and Council’s photo.
- SIM Porting: Presenting the fake ID at an AT&T store in Huntsville, Alabama, to transfer the victim’s phone number to a device under Council’s control.
- Account Takeover: Co-conspirators leveraged the hijacked number to access the SEC’s X account, posting a false announcement about Bitcoin ETF approvals.
The fraudulent tweet caused Bitcoin’s price to surge by $1,000 before crashing by $2,000 within hours after the SEC regained control.
Legal Repercussions and Sentencing
Council pleaded guilty in February 2025 to conspiracy charges involving aggravated identity theft and access device fraud. Despite prosecutors seeking a 24-month sentence, Judge Amy Berman Jackson imposed a 14-month term, citing Council’s lack of prior criminal history and cooperation. Additional penalties include:
- $50,000 forfeiture of Bitcoin proceeds.
- Three years of supervised release with restrictions on dark web access and identity fraud.
Prosecutors highlighted Council’s post-arrest conduct, including a video where he mocked the SEC’s cybersecurity as an “inside job” and downplayed accountability.
Broader Implications for Cybersecurity
The incident underscores critical vulnerabilities in institutional cybersecurity:
- SIM Swap Risks: Financial regulators and enterprises must enforce stricter carrier verification protocols to prevent unauthorized porting.
- Multi-Factor Authentication (MFA) Gaps: Over-reliance on SMS-based MFA leaves accounts exposed to SIM-swap tactics.
- Market Manipulation Threats: Rapid dissemination of false information via compromised official channels can destabilize markets, as seen with Bitcoin’s volatility.
U.S. Attorney Matthew Graves emphasized that such crimes “jeopardize the integrity of our market system,” urging enhanced defenses against identity fraud.
The SEC hack serves as a stark reminder for organizations to:
- Adopt hardware-based MFA (e.g., FIDO2 keys) to mitigate SIM swap risks.
- Monitor social media accounts for anomalous activity, especially during high-stakes announcements.
- Conduct regular penetration testing to identify vulnerabilities in third-party service dependencies.
As cybercriminals increasingly target high-profile institutions, proactive defense mechanisms and swift legal action remain pivotal in safeguarding market integrity.