Alabama Man Gets 14 Months for Hacking SEC’s X Account With SIM-Swap Scheme

An Alabama man has been sentenced to 14 months in prison for his role in hacking the Securities and Exchange Commission’s (SEC) X account in 2024 and posting a tweet that increased the value of bitcoin by $1,000.

The man and his co-conspirators posted that bitcoin ETFs (Exchange-Traded Funds)—a type of investment vehicle long-awaited by the crypto community—had been approved days before it actually happened. This caused the digital currency to spike in value, giving the man and his associates a chance to enrich themselves with trades.

This Tweet is currently unavailable. It might be loading or has been removed.

Eric Council Jr., 26, of Athens, Alabama, used what’s known as a “SIM swap” attack to access the account of an SEC employee in charge of the organization’s social media.

SIM swaps are when bad actors trick a mobile carrier into reassigning a mobile phone number from a victim’s SIM card to the criminal’s SIM card. This allows them to access accounts with multi-factor authentication enabled by sending the SMS code to their own phones.

Council allegedly used a portable ID card printer to create a physical ID, which he then used to impersonate the victim at an AT&T store in Huntsville, Alabama. The man then inserted the SIM card linked to the victim’s phone and activated a brand new iPhone, which he used to get his hands on the @SECGov X password reset codes, before sharing them with his co-conspirators.

After the SEC regained control of the account and shot down reports that ETFs had been approved, the value of BTC decreased by more than $2,000.

Police later tracked the man down, finding numerous suspicious searches on his personal devices, including “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them,” and “SECGOV hack.” He is thought to have received around $50,000 for his role in the scheme.

Though the SEC hack was notable for its sheer ambition, it’s unlikely this is the last major hacked social media account spreading crypto fake news. Numerous celebrity social media accounts have been hacked for this purpose, mainly to promote smaller “meme coins,” including rapper 50 Cent, former President Barack Obama, and Tesla CEO Elon Musk.

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read Will’s full bio

Read the latest from Will McCurdy