Eric Council Jr. Pleads Guilty to Co-Conspirator Role in SEC Twitter Hack

Eric Council Jr., a resident of Alabama, has pleaded guilty to being a co-conspirator in the unauthorized takeover of the US Securities and Exchange Commission’s (SEC) Twitter account in 2023. The incident occurred in early January 2024, when the SEC’s official X account tweeted that Bitcoin exchange-traded funds (ETFs) had been approved for listing on all registered national securities exchanges. However, SEC Chair Gary Gensler quickly announced that the agency’s account was compromised, revealing that it was the victim of a SIM swapping attack.

The Attack Revealed

The commission later revealed that it was the victim of a SIM swapping attack, although it also admitted that its account was not protected by multi-factor authentication. Council was the one who carried out the SIM swap, according to the Department of Justice. Council used an ID card printer to create a fake ID, which he then used to gain access to a phone number associated with the SEC’s account. His co-conspirators, who paid Council in bitcoin, then changed the SEC account’s password to control it before posting the false news along with a fake quote from Gensler.

Lack of MFA Protection

The SEC’s account was not protected by multi-factor authentication, which the agency previously said it had asked X’s support staff to disable in July 2023 due to issues with account access. However, it remained disabled until after the account was compromised. Council was arrested in October and has pleaded guilty to aggravated identity theft and access device fraud. He will be sentenced on May 16 and could face up to five years in prison.

Market Impact

The fake announcement had a significant impact on the market, with Bitcoin rising by $1,000 after the false news went up and then falling by $2,000 when the SEC issued a correction.