A recent guilty plea in a high-profile hacking case has drawn attention to vulnerabilities in online account security and the ripple effects they can have on cryptocurrency markets.

Eric Council, a 25-year-old from Athens, Georgia, has pleaded guilty in the United States federal court to charges related to the hacking of the US Securities and Exchange Commission’s (SEC) X account that occurred January last year.

The incident caused a brief but significant Bitcoin price spike after a fraudulent post falsely claimed SEC approval of Bitcoin exchange-traded funds.

How The Scheme Unfolded

The court documents reveal that Council, along with co-conspirators, conducted Subscriber Identity Model (SIM) swaps to gain unauthorized access to the @SECgov X account. The US DoJ explained this SIM swap attack:

A SIM swap attack is a form of sophisticated fraud where criminal actors fraudulently induce a mobile carrier to reassign a mobile phone number from a victim’s SIM card to a SIM card and telephone controlled by a criminal actor attempting to access valuable information associated with the victim’s telephone. Members of SIM swapping groups conduct SIM swaps for the purpose of defeating multifactor authentication and/or two-step verification security features for internet connected accounts, such as social media and virtual currency accounts.

After the SIM swap was completed, Council used forged identification and other deceptive tactics to secure a replacement SIM card. He then accessed the SEC’s X account and shared the login credentials with his associates.

Shortly thereafter, the account was used to issue a fraudulent post announcing SEC approval of Bitcoin ETFs. The announcement was entirely false, yet it managed to move markets almost instantly.

According to the DoJ, Bitcoin’s price rose by over $1,000 following the post, only to fall more than $2,000 after the SEC regained control of its account and discredited the message.

With Bitcoin ETFs being a hot topic among investors as at then, any news—true or false—had the potential to cause significant crypto market reactions. The SEC’s official account is particularly influential, any genuine approval of Bitcoin ETFs was seen as a major milestone in the crypto space.

By impersonating the SEC and fabricating an approval announcement, the conspirators were able to manipulate crypto market sentiment and drive a temporary price surge.

Potential Sentence And Other Details

Council’s plea agreement revealed further details about his involvement in SIM swapping and other fraudulent activities. In addition to the SEC incident, he admitted to attempting additional SIM swaps and was found in possession of fake identification templates and a portable ID printer.

He acknowledged receiving roughly $50,000 in payments for his role in the conspiracy, which included performing the SIM swap that led to the SEC breach.

The DoJ revealed that Council has pleaded guilty in federal court to one count of conspiracy to commit aggravated identity theft. This charge carries a potential maximum sentence of five years in prison, a fine of up to $250,000, and up to three years of supervised release. His sentencing is set for May 16, 2025.