Man gets 14 months in jail for role in SEC’s X account hack that pumped fake Bitcoin ETF hype

Eric Council Jr., who helped facilitate the unauthorized takeover of the SEC’s X account that led to a false Bitcoin ETF post, will spend the next 14 months in prison, District Court Judge Amy Berman Jackson announced the sentence on Friday.

The 26-year-old from Athens, Alabama, conspired with others to conduct SIM swap attacks on the SEC’s official X account (@SECgov).

Court documents show that around Jan. 9, 2024, Council used a fake ID to impersonate a customer at an AT&T store to obtain a SIM card tied to the SEC’s mobile number.

Council then activated the SIM card on a new iPhone and received password reset codes for the SEC’s X account. After that, he captured password reset codes and shared them with his co-conspirators.

Using the reset code, one of Council’s partners successfully accessed the SEC’s X account and dropped a false announcement that the SEC had approved spot Bitcoin ETFs.

The post sent Bitcoin’s price soaring by more than $1,000 in minutes, before plummeting over $2,000 after the SEC’s clarification of the breach.

The hack occurred just one day before the SEC greenlit the first batch of spot Bitcoin ETFs in the US. Council was arrested last October.

While he did not author the post that directly triggered Bitcoin’s price action, prosecutors stated he played a key role in enabling the scheme.

“Council brazenly used SIM-swapping and identity theft to manipulate the Bitcoin market in an attempt to line his and his co-conspirators’ pockets,” said FBI Washington Field Office Assistant Director in Charge Steven J. Jensen. “Today’s sentencing shows that those who use the perceived anonymity of digital fraud to exploit public markets will be unmasked and brought to justice by the FBI.”

Investigators also found that Council had been involved in other attempted SIM swaps and identity fraud efforts. During a June 2024 search of his apartment, agents recovered a portable ID printer, a fake ID card, and a laptop containing templates for additional forged documents.

Internet searches discovered on his devices included “SECGOV hack,” “telegram sim swap,” and “what are some signs that the FBI is after you,” to name a few.

Council, who pleaded guilty to conspiracy to commit aggravated identity theft in February, must forfeit $50,000 – the exact amount he received for performing SIM swaps.

He will also serve three years of supervised release with restrictions on accessing the dark web and engaging in identity-related crimes.

The hack also exposed major cybersecurity weaknesses within the SEC.

An undisclosed report shared last December, which predated the January hack leading to a false Bitcoin ETF announcement, found the SEC’s cybersecurity infrastructure was “not effective” and “needs additional improvement” in several areas.