Was it a reckless prank or a deliberate market manipulation? The hacking of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024 sent shockwaves through the crypto market—and now, the hacker behind it has pleaded guilty to identity theft.
The culprit, 25-year-old Eric Council, admitted to using a stolen identity to hijack the SEC’s social media account, influencing Bitcoin (BTC) prices in a scheme that exploited crypto traders’ trust in regulatory announcements.
The SEC Hack That Shook Crypto Markets
On January 9, 2024, Council and his unnamed co-conspirators took control of the SEC’s X account and falsely announced the approval of spot Bitcoin ETFs. The result? A flash market reaction that briefly sent Bitcoin prices soaring before crashing minutes later.
📈 Bitcoin surged 2% as traders reacted to the fake tweet.
📉 Minutes later, BTC dropped 6% after the SEC confirmed the news was false.
SEC officials quickly addressed the breach, stating:
“The SEC’s @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding Bitcoin ETFs was not made by the SEC or its staff.”
Ironically, the SEC did approve 11 spot Bitcoin ETFs the following day, but the damage had been done. The incident exposed major security flaws at the top U.S. financial regulator, raising concerns about market manipulation risks in the crypto industry.
How Hackers Hijacked the SEC’s X Account
Court records reveal that Council used a classic SIM swap attack, a common identity theft technique used to gain unauthorized access to sensitive accounts.
Step-by-Step Breakdown of the SEC Hack:
🔹 Fake Identity: Council’s partners created a fake ID under the name of an SEC employee (“CL”) with access to the agency’s X account.
🔹 SIM Swap Scam: Using a card printer, Council forged a driver’s license and tricked an AT&T store employee in Huntsville, Alabama, into transferring CL’s phone number to a new SIM card.
🔹 Password Reset: With control over the hijacked phone number, Council’s partners requested an X account password reset, which was sent to Council’s new iPhone.
🔹 Fake Bitcoin ETF Tweet: Council forwarded the reset code to his partners, who then posted the false Bitcoin ETF approval from the SEC’s verified X account.
🔹 Cash Out: After the attack, Council returned the iPhone for cash and was paid $50,000 in Bitcoin and other digital assets for his role in the scheme.
How the FBI Tracked the SEC Hacker
The FBI arrested Council at his home in Athens, Alabama, in October 2024. Investigators followed a clear digital trail, which made it easy to identify and locate him.
Evidence Found by Authorities:
🔍 Fake ID templates stored on his laptop
🔍 Suspicious search history, including: “How can I know if I’m being investigated by the FBI?”
🔍 Online aliases, including “Ronin,” “Easymunny,” and “AGiantSchnauzer”
Under federal sentencing guidelines, Council faces up to two years in prison and has agreed to return the $50,000 he earned from the scheme.
His sentencing is scheduled for May 16, 2025.
The Aftermath: A Wake-Up Call for Crypto Security
The SEC hack has exposed major cybersecurity vulnerabilities, raising serious concerns about:
🔹 The risks of SIM swap fraud
🔹 The ease of market manipulation via social media
🔹 Identity theft in financial institutions
While Council’s arrest provides some closure, the incident highlights the need for stronger security measures—especially in a financial landscape where a single tweet can move billions of dollars.
Bitcoin 
Ethereum 
XRP 
Tether 
BNB 
Solana 
USDC 
Lido Staked Ether 
Dogecoin 
Cardano