Guilty Plea in SEC X Account Hacking That Caused Bitcoin Surge

Listen to this Post

2025-02-11

A significant cybersecurity breach led to financial market turbulence when hackers infiltrated the U.S. Securities and Exchange Commission’s (SEC) official X (formerly Twitter) account. The unauthorized announcement falsely stated that Bitcoin Exchange-Traded Funds (ETFs) had been approved, causing the cryptocurrency’s value to spike by over $1,000—only to crash by more than $2,000 once the SEC confirmed the post was fraudulent. The individual at the center of this cyberattack, 25-year-old Eric Council from Athens, Alabama, has now pleaded guilty in a U.S. federal court to conspiracy charges related to the hack.

the Case

Eric Council was arrested in October 2024 for his involvement in a SIM-swapping scheme that enabled hackers to gain control of the SEC’s X account. SIM swapping, a common cybercrime tactic, involves fraudulently convincing a mobile carrier to transfer a victim’s phone number to a device controlled by a hacker, allowing them to bypass security measures such as two-factor authentication.

In this case, Council and his co-conspirators used this method to gain access to the SEC’s account. Posing as an authorized user, Council created a fake ID and successfully obtained a replacement SIM card from an AT&T store. After transferring control of the SEC’s phone number to a newly purchased iPhone, the attackers received a password reset code, which allowed them to access and manipulate the account.

On January 9, 2024, the group published a false statement under the name of the SEC Chairman, claiming Bitcoin ETFs had been approved. This misleading announcement triggered immediate market movement, increasing Bitcoin’s price before the SEC could regain control of its account and refute the claim.

Council later admitted to receiving approximately $50,000 for his role in similar SIM-swapping activities over six months. His guilty plea could lead to a maximum sentence of five years in prison, along with fines and supervised release.

What Undercode Says:

The Increasing Threat of SIM Swapping

SIM-swapping attacks are becoming a preferred method for cybercriminals looking to bypass even the most secure authentication systems. This case highlights a major vulnerability: reliance on phone numbers for security verification. Multi-factor authentication (MFA) using SMS codes, while better than single-password logins, is increasingly unsafe due to these exploits. Organizations must consider more robust authentication solutions, such as hardware security keys or app-based authenticators that are less susceptible to social engineering.

The Role of Social Engineering in High-Profile Hacks

One of the most alarming aspects of this case is how easily a hacker could impersonate an authorized individual and deceive a mobile carrier employee. This demonstrates that even well-established security infrastructures can be compromised through human manipulation. Training employees at telecom companies to recognize and prevent fraudulent SIM-swap requests should be a top priority. Implementing additional verification steps, such as in-person authentication at secure locations, could further reduce the risk.

Market Manipulation Through Cyber Attacks

This incident also underscores how cybercriminals are increasingly targeting financial markets for quick profits. The SEC hack caused Bitcoin’s price to rise sharply before plummeting, creating an opportunity for those who anticipated the movement to capitalize. Such market manipulation through cyber intrusions is an emerging threat that regulators and financial institutions must address. Stronger collaboration between cybersecurity experts and financial watchdogs is essential to prevent similar incidents in the future.

Implications for Regulatory Bodies and Their Cybersecurity Posture

The fact that the SEC itself—one of the most critical financial regulatory institutions—was compromised raises concerns about the cybersecurity readiness of government agencies. This breach could have been prevented with stricter access controls, better internal monitoring, and enhanced security measures on social media accounts. It serves as a wake-up call for regulators worldwide to reassess their cybersecurity frameworks, especially regarding social media and external communication channels.

The Future of Cybercrime Enforcement

Eric Council’s guilty plea represents a win for law enforcement, but it also highlights the challenge of tracking down and prosecuting cybercriminals. Many SIM-swapping attacks are coordinated across different jurisdictions, making it difficult to apprehend all members of a cybercriminal network. To combat this, international cooperation among cybersecurity agencies, improved tracing of digital financial transactions, and stronger penalties for cyber offenses must be enforced.

Key Takeaways for Organizations and Individuals

  • Avoid SMS-based authentication: Use authentication apps (e.g., Google Authenticator) or hardware-based security keys (e.g., YubiKey) instead.
  • Be vigilant about phishing and impersonation: Employees, especially those in telecom and financial institutions, must be trained to recognize social engineering tactics.
  • Strengthen regulatory cybersecurity measures: Government agencies need to reinforce security policies, especially concerning public communication platforms.
  • Monitor suspicious financial movements: Authorities should analyze large market fluctuations linked to social media hacks to identify potential fraud and manipulation.

This case is a stark reminder that cybersecurity is no longer just about protecting data—it’s also about safeguarding financial markets and public trust. The SEC breach could have had even more severe consequences, demonstrating the growing sophistication of cybercriminal tactics and the need for stronger, proactive security measures. 🚨

References:

Reported By: https://www.darkreading.com/cyber-risk/guilty-plea-in-hacking-of-the-sec-s-x-account-that-caused-bitcoin-value-spike
https://www.quora.com/topic/Technology
Wikipedia: https://www.wikipedia.org
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://craiyon.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image