According to Cointelegraph, Eric Council Jr., a hacker involved in a SIM swap attack that compromised the Securities and Exchange Commission's (SEC) X account last year, is facing a potential two-year prison sentence. The breach led to the publication of a false announcement regarding the approval of a spot Bitcoin exchange-traded fund, causing significant market disruption. Recent court filings reveal that Council earned approximately $50,000 from similar attacks and even searched online for ways to determine if he was under FBI investigation.
U.S. prosecutors discovered Council's online searches, including inquiries about FBI investigations and deleting Telegram accounts, during a search of his residence, vehicle, and electronic devices in June 2024. Despite Council's efforts to delete his Telegram chats every two weeks, investigators found discussions about SIM swaps with individuals believed to be overseas. Council admitted to law enforcement that he conducted SIM swaps for clients between January and June 2024, charging between $1,200 and $1,500 per transaction under the username 'easymunny' on Telegram.
Council's method involved creating fake identity documents to impersonate a person with access to the SEC's X account. He used these documents to deceive an AT&T employee into transferring the victim's phone number to his SIM card. Council then purchased a new iPhone, inserted the SIM, and shared access codes to the SEC's X account with his accomplices, who posted the false Bitcoin ETF news on January 9, 2024. The SEC confirmed the hack 15 minutes later, but not before the fake announcement garnered over a million views and caused Bitcoin's price to fluctuate dramatically.
Council's activities came to an end on June 12, 2024, when surveillance agents caught him attempting another SIM swap at an Apple store. A subsequent search warrant led to the discovery of fake ID templates on his laptop. Council pleaded guilty on February 10, 2025, after being indicted for Conspiracy to Commit Aggravated Identity Theft and Access Device Fraud. The incident highlighted security vulnerabilities, as the SEC's X account lacked two-factor authentication at the time, a feature reportedly removed by X Support at the request of an SEC staff member. The breach resulted in significant financial losses, with Bitcoin's price initially rising by $1,000 before plummeting by nearly $2,000, erasing tens of millions of dollars in market positions.
