A 25-year-old man from Alabama, Eric Council Jr., has been arrested in connection with an alleged scheme to manipulate bitcoin prices by hacking into the U.S. Securities and Exchange Commission’s (SEC) official account on the social media platform X, formerly known as Twitter. The U.S. Attorney’s Office for the District of Columbia revealed the details of the arrest, indicating that Council was involved in a SIM swapping attack earlier this year that ultimately led to fraudulent activity impacting the cryptocurrency market.
In January, Council and his co-conspirators executed a plan to post false information on the SEC’s X account, which is followed by a significant number of stakeholders in the financial and cryptocurrency markets. The hackers posted misleading news claiming that the SEC had approved bitcoin exchange-traded funds (ETFs). This false announcement triggered a sharp increase in the price of bitcoin, causing it to spike by approximately $1,000, equivalent to about 1,493 Australian dollars. The SEC quickly took action to disavow the misleading post and removed it, but not before it had already created turmoil in the market.
The incident raised concerns not only about the SEC’s ability to secure its digital communications but also highlighted ongoing security vulnerabilities associated with social media platforms, particularly since Elon Musk’s acquisition of X in October 2022. Critics have pointed out that the breach underscores the potential for malicious actors to exploit social media to disseminate false information and manipulate financial markets.
Council was arrested as part of a broader investigation into this incident, which involved the illegal access of the SEC’s X account. Federal prosecutors allege that Council assisted unnamed co-conspirators who identified a victim—referred to only as “C.L.”—who had access to the SEC account. Under the guidance of these co-conspirators, Council executed a SIM swap, a technique that allows hackers to take control of a victim’s phone number and redirect communications to a device they control. This unauthorized access enabled Council and his team to post the fraudulent announcement on the SEC’s account.
After the hack, Council reportedly received payment in bitcoin for his role in the SIM swap. Following this, he traveled to Birmingham, Alabama, to return the iPhone used in the scheme, further indicating his involvement in the conspiracy. In a concerning turn of events, Council is said to have conducted internet searches for phrases such as “what are some signs that the FBI is after you” and sought information about deleting accounts on the encrypted messaging app Telegram, suggesting he was aware of the legal ramifications of his actions.
The SEC has not commented on Council’s arrest or the investigation as a whole. However, the seriousness of the charges against him, which include conspiracy to commit aggravated identity theft and access device fraud, underscores the significant legal implications of cybercrime in the financial sector. Notably, the SEC approved bitcoin ETFs just a day after the hack, illustrating the ongoing evolution of regulatory frameworks governing digital assets and the potential impact of market manipulation on these developments.
The case highlights the critical intersection of cybersecurity and the rapidly evolving world of cryptocurrency, emphasizing the need for robust security measures to protect sensitive information and maintain market integrity. As regulatory bodies like the SEC strive to adapt to the complexities of digital finance, incidents like this serve as stark reminders of the vulnerabilities that can be exploited in the digital age.