In a significant cybersecurity incident, 25-year-old Eric Council Jr. from Alabama has pleaded guilty to orchestrating a SIM swapping attack that compromised the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024.

The attack involved posting a fraudulent announcement about Bitcoin ETF approvals, causing significant market volatility. Bitcoin’s value initially surged by $1,000 before dropping $2,000 after SEC Chair Gary Gensler confirmed the hack.

Council executed the breach by:
– Creating fake identification cards using stolen personal information
– Conducting a SIM swap attack to gain control of the account manager’s phone number
– Enabling access for co-conspirators who paid him $50,000 in Bitcoin

Investigation revealed Council had conducted suspicious online searches about FBI investigations, indicating awareness of potential consequences. The SEC confirmed the compromise occurred through a SIM-swapping attack targeting their account manager’s phone number.

Facing charges of conspiracy to commit aggravated identity theft and access device fraud, Council could receive up to five years in prison. Sentencing is scheduled for May 16.

The incident highlights the growing concerns around social media account security and the potential market impact of cryptocurrency-related cybercrimes.