By Eric Council Jr., a 25-year-old man from Athens, Alabama, was arrested on Thursday for his alleged involvement in the January hack of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter). The incident, which led to a brief but significant spike in the price of bitcoin, has drawn attention to the vulnerabilities of high-profile social media accounts and their potential impact on financial markets.
According to the Justice Department, Council is accused of facilitating a “SIM swap” attack, a sophisticated form of identity theft. He allegedly used a fake ID to impersonate someone with access to the SEC’s X account at a cellphone store, convincing staff to provide him with a SIM card linked to the target’s phone number. This allowed Council to take control of the phone number and obtain access codes for the SEC’s X account, which he then shared with other hackers who posted the false information.
The unauthorized post on the SEC’s account claimed, “The SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges.” This premature announcement caused the price of bitcoin to spike by more than $1,000 briefly. SEC Chairman Gary Gensler quickly responded on his personal account, stating that the SEC’s account had been compromised and that no approval for bitcoin ETFs had been granted.
The impact of the hack on the cryptocurrency market was immediate and significant. Bitcoin’s price swung from about $46,730 to just below $48,000 following the false post, before dropping to around $45,200 after the SEC’s denial. Ironically, the SEC officially approved the first exchange-traded funds holding bitcoin the very next day.
Prosecutors revealed that after returning the iPhone used for the SIM swap, Council’s online searches included queries about signs of being under investigation by law enforcement or the FBI. This detail suggests Council was aware of the potential consequences of his actions.
Council faces charges of conspiracy to commit aggravated identity theft and access device fraud in Washington’s federal court. The case highlights the ongoing challenges in cybersecurity, particularly for government agencies and financial regulators whose communications can have immediate and substantial effects on markets.
