Man admits to hacking SEC X account

The case of a man who admitted his involvement in the hacking of a US Securities and Exchange Commission social media account has come to light. Eric Council Jr., a 25-year-old man from Alabama, confessed to his role in the January 2024 cybersecurity breach, intended to manipulate the price of Bitcoin. This incident occurred when a post shared by the SEC on X (formerly Twitter) announcing the approval of the first spot Bitcoin exchange traded funds (ETFs) caused a sharp rise in Bitcoin’s price to $48,000 before being taken down.

Following this unauthorized activity, the SEC confirmed the compromise of the “@SECGov X account,” clarifying that no approval was granted for Bitcoin exchange-traded products. It was later revealed that the hacker gained control of a phone number associated with the SEC’s official X account using a SIM swap hack, in which a telecoms carrier was deceived into transferring the number to a device under the hacker’s control. By creating a new password and verifying it through a message sent to the phone number, the hacker successfully manipulated the account’s content. Notably, multi-factor authentication had been disabled for six months at the SEC’s request, further facilitating the breach.

The falsely announced approval for Bitcoin ETFs on national securities exchanges instigated a temporary spike in Bitcoin’s value, only to plummet once the unauthorized access was uncovered. Subsequently, the official confirmation of Bitcoin spot ETFs was issued by the federal agency. It was revealed that Eric Council Jr. pleaded guilty to an identity theft charge in US District Court in Washington. Scheduled for sentencing on May 16, Council could face a maximum prison term of five years for his involvement in assisting the breach of the SEC’s X account. The prosecution outlined that Council utilized a SIM swap tactic, using a fake ID to impersonate an individual with access to the X account and persuade a cellphone store to provide him with a SIM card linked to that person’s phone. By securing access codes to the X account, Council collaborated with others to initiate the fraudulent post, receiving payment in Bitcoin amounting to approximately $50,000 as part of the scheme.

In conclusion, this incident serves as a poignant reminder of the vulnerabilities in cybersecurity measures and the significance of implementing robust security protocols to safeguard against unauthorized access and manipulation. The repercussions of such breaches are evident in the financial implications and legal consequences faced by individuals involved in cybersecurity offenses. The case of Eric Council Jr. underscores the importance of accountability and responsibility in handling sensitive information and highlights the imperative for stringent cybersecurity practices in the digital age.