Man Pleads Guilty in SEC Social Media Hack, Bitcoin Price Spikes

An Alabama man, Eric Council Jr., pleaded guilty on Monday to his role in a January 2024 hack of the U.S. Securities and Exchange Commission's (SEC) social media account, which led to a false announcement about Bitcoin exchange-traded funds (ETFs) and a subsequent spike in the cryptocurrency's price. Council, 25, admitted to an identity theft charge in U.S. District Court in Washington, D.C., and faces a potential sentence of up to five years in prison and a fine of $250,000. His sentencing is scheduled for May 16, 2025.

The hack, which occurred on January 9, 2024, involved Council using a SIM-swapping technique to gain access to the SEC's X account. He created a fake ID and impersonated someone with access to the account at an AT&T store in Huntsville, Alabama, convincing the employee to give him the victim's SIM card. Council then took over the person's cellphone number and obtained access codes to the SEC's X account, which he shared with co-conspirators who broke into the account and sent the false post.

The unauthorized post, which claimed that the SEC had approved the listing of Bitcoin ETFs on all registered national securities exchanges, caused Bitcoin's price to surge by more than $1,000. However, the price quickly dropped after the SEC denied the false announcement and confirmed that its account had been compromised. The real approval of Bitcoin ETFs came the following day, but the damage from the hack had already shaken the crypto markets.

Council's guilty plea is a significant development in the ongoing investigation into the SEC's social media account hack. His testimony could provide valuable insights into the hacking method, the role of his co-conspirators, and the motivation behind the scheme. This information can help law enforcement and cybersecurity experts better understand and combat SIM-swapping attacks, which have become increasingly common in recent years.

The incident also highlights the vulnerability of even top regulatory bodies to cyberattacks and the potential for social media influences to manipulate financial markets. The SEC has since taken steps to enhance its cybersecurity measures and restore public trust in its regulatory communications. These measures include implementing more robust multi-factor authentication methods, such as security keys, and reviewing and updating its information security program and practices.

In the wake of the hack, U.S. lawmakers have demanded an investigation into the SEC's practices related to the use of multi-factor authentication (MFA), particularly phishing-resistant MFA, to identify any remaining security gaps that must be addressed. The senators noted that the option to enable security keys has been available for users of X since 2021, and that the SEC should have followed recent guidance from the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) to secure its social media accounts.

The hack also raised concerns about the potential for market manipulation and volatility in cryptocurrency markets. The rapid rise and fall in Bitcoin's value following the false announcement underscored the need for cautious market participation and information verification from reliable sources. The SEC may need to consider additional measures to combat market manipulation and volatility, such as enhanced monitoring and enforcement of market integrity rules.

In conclusion, the guilty plea of Eric Council Jr. in the SEC's social media account hack has significant implications for the agency's cybersecurity measures, public trust in regulatory communications, and the broader cryptocurrency market. The SEC must take decisive action to address these challenges and restore confidence in its ability to protect investors and maintain market integrity. By strengthening its cybersecurity measures, increasing scrutiny on social media accounts, and enhancing market monitoring and enforcement, the SEC can help prevent similar incidents in the future and promote a more stable and secure financial landscape.