An Alabama man, Eric Council Jr., 25, has been arrested by the FBI in connection with a January 2024 hack of the US Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter).
Council is accused of orchestrating a scheme that resulted in a fake post from the SEC’s account, causing a temporary surge in Bitcoin’s value.
The indictment alleges that Council was part of a conspiracy to carry out a SIM swap attack, enabling him and his co-conspirators to gain access to the SEC’s X account. By posting a false message, Council allegedly made it appear that the SEC had approved Bitcoin for mainstream investment, leading to a $1,000 increase in Bitcoin’s price before the post was debunked, causing the price to drop by $2,000.
According to court documents, Council obtained the personal information of an SEC employee through his co-conspirators and used it to create a fraudulent identification document. On January 9, 2024, Council allegedly visited an AT&T store in Huntsville, Alabama, impersonated an FBI employee, and obtained a SIM card tied to the employee’s phone number. He then used the SIM card to access the two-factor authentication code for the SEC’s X account.
In the aftermath of the hack, investigators revealed that Council searched online for ways to determine if the FBI was investigating him and how to delete accounts on the messaging app Telegram, a platform he reportedly used to discuss the SIM swap.
The US Attorney’s Office, the Justice Department’s Criminal Division, and the FBI jointly announced the charges, which include conspiracy to commit aggravated identity theft and access device fraud. If convicted, Council could face up to five years in prison.
The SEC confirmed that the hack exploited a security vulnerability, as the agency had requested the suspension of multi-factor authentication on its X account in mid-2023. This measure was reinstated after the January attack.
With input from BBC and FOX Business.