Hacker Pleads Guilty to Hijacking SEC’s X Account and Spreading Fake Bitcoin News
A shocking cybersecurity breach recently highlighted the vulnerabilities of digital finance and the growing use of hacking for market manipulation. A 25-year-old Alabama resident, Eric Council Jr., has pleaded guilty to hijacking the U.S. Securities and Exchange Commission’s (SEC) official X account, formerly known as Twitter. His motive was to spread false information about Bitcoin, causing a temporary surge in its price.
The breach, which took place on January 9, 2024, involved a sophisticated SIM-swapping attack. This method allowed Council to take control of the SEC’s official account by deceiving AT&T into transferring a linked phone number to a SIM card he controlled. Once inside, he and his unidentified co-conspirators posted a false announcement under SEC Chairman Gary Gensler’s name, misleading the public into believing that Bitcoin exchange-traded funds (ETFs) had been approved.
The false statement led to an immediate spike in Bitcoin’s value, with the price jumping by over $1,000. Investors, reacting to what seemed like a significant regulatory milestone, quickly pumped money into Bitcoin. However, when the fraudulent claims were exposed, the market reversed course, causing uncertainty and financial losses for traders who reacted to the misinformation.
Investigators later discovered that Council had been financially motivated. He was paid in Bitcoin for orchestrating the attack, although the exact amount remains unclear. Court records also indicate that in the days following the incident, he actively researched ways to detect an FBI investigation, signaling that he anticipated law enforcement scrutiny.
Despite his attempts to evade detection, federal authorities tracked him down and arrested him on October 17, 2024. His capture highlights the growing role of digital forensics in cybercrime investigations. Council formally entered a guilty plea on February 10, 2025, admitting to charges of conspiracy to commit aggravated identity theft and access device fraud. He now faces a maximum prison sentence of five years, with his final sentencing scheduled for May 16, 2025.
This case serves as a critical reminder of the rise in SIM-swapping attacks, a hacking method that exploits security lapses in mobile carriers to gain control of high-value accounts. It emphasizes the importance of multi-factor authentication and enhanced security precautions for businesses and individuals. The SEC breach underscores the vulnerability of financial markets to false information and the potential for widespread economic consequences.
In response to the attack, SEC Chairman Gary Gensler reiterated the agency’s commitment to stronger cybersecurity measures. As cybercriminals become increasingly sophisticated, financial institutions and regulatory agencies must prioritize enhanced safeguards to prevent similar incidents in the future.
This incident serves as a lesson for investors, regulators, and tech companies alike. In an era where digital threats continue to evolve, maintaining strong security protocols is no longer optional. It is a necessity to preserve trust in financial systems and protect against manipulation.
