Eric Council Jr., a 26-year-old from Huntsville, Alabama, was sentenced on May 16, 2025, to 14 months in federal prison and three years of supervised release for hacking the U.S. Securities and Exchange Commission’s (SEC) official social media account on X (formerly Twitter).
Fake Bitcoin ETF Announcement
The cyberattack took place in January 2024 and involved a SIM swap scheme. Council and his co-conspirators used this method to take control of the SEC’s X account. They posted a fake announcement claiming the SEC had approved Bitcoin Exchange Traded Funds (ETFs).
The fraudulent post caused Bitcoin’s price to briefly surge by over $1,000, before dropping more than $2,000 once the SEC clarified the message was false and regained control of the account.
How the Attack Was Carried Out
According to court documents, Council used personal information provided by his accomplices to create a fake ID. He used this ID to impersonate an SEC employee, identified only as “C.L.”
With the fake ID, he convinced an AT&T employee to transfer the victim’s phone number to a SIM card in his control. This allowed Council to intercept two-factor authentication codes and reset the SEC’s X account password.
Guilty Plea and Sentencing
Council pleaded guilty in February 2025 to conspiracy to commit aggravated identity theft and access device fraud. He was arrested in October 2024 after an FBI investigation.
In addition to his prison sentence, Council must forfeit $50,000—an amount believed to be paid in Bitcoin for his role in the SIM swap attack. Agents also found a fake ID printer, ID templates, and a laptop with related searches at his home in Athens, Alabama.
Government Response
Officials emphasized the serious risks of cyberattacks targeting government institutions and financial markets.
“Prosecuting those who abuse digital assets is vital to protect public trust,” said Matthew R. Galeotti of the Justice Department’s Criminal Division.
U.S. Attorney Jeanine Pirro warned that SIM swap attacks threaten the financial security of individuals, companies, and government agencies. She stressed that law enforcement will pursue and prosecute such crimes.
Impact on the Market
The fake tweet caused confusion in cryptocurrency markets. Although the SEC officially approved 11 spot Bitcoin ETFs the next day, the incident exposed weak points in the agency’s cybersecurity practices.
Preventing SIM Swap Attacks
SIM swap attacks exploit gaps in mobile carrier security, allowing hackers to bypass SMS-based two-factor authentication and take over sensitive accounts.
Experts recommend the following security steps:
- Set a PIN or passcode on mobile accounts with carriers.
- Use authenticator apps instead of SMS for two-factor authentication.
- Keep personal information off public platforms.
- Monitor accounts for any unusual or unauthorized activity.
