A year has passed since the U.S. Securities and Exchange Commission’s official X account was compromised, leading to a fake post announcing the approval of a Spot Bitcoin ETF. The post sent immediate shockwaves through financial markets, causing Bitcoin’s price to surge momentarily before the SEC quickly denied its legitimacy.
Despite the time elapsed, the full details of the case remain murky. The only individual to be detained and plead guilty was a 22-year-old Alabama man responsible for the SIM card swap that enabled access to the SEC’s account. Yet, the identities of his co-conspirators remain undisclosed, leaving questions about the full extent of the scheme unanswered.
The Fall Guy
According to a Feb. 9 court filing, Eric Council Jr. pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud. Council who was arrested in October 2024, faces a minimum of two years in prison and must forfeit $50,000 as part of a plea deal. Sentencing is set for May 16.
The Department of Justice detailed in its case against Eric Council Jr. that he helped his "co-conspirators" get control of the SEC’s X account through a SIM-swapping attack.
[..] Council received personal identifying information (PII) and an identification card template containing a victim’s name and photo from co-conspirators. Council then used his identification card printer to create a fake ID with the information. Council proceeded to obtain a SIM card linked to the victim’s phone line by presenting the fake ID at a cell phone provider store in Huntsville, Alabama. He then purchased a new iPhone in cash and used the two items to obtain access codes to the @SECGov X account. Council shared those codes with members of the conspiracy, who then accessed the account – and issued the fraudulent tweet [..]
This suggests that his role was limited to executing the SIM card swap with the provided ID details and he was acting on behalf of others who remain unidentified.
SEC False Start
The incident occurred on January 9, 2024, just one day before the SEC officially approved a set of spot Bitcoin ETFs. In fact, the SEC denied the post on the same day the actual approval was issued – January 10.
The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— U.S. Securities and Exchange Commission (@SECGov) January 9, 2024
The false post, which simply stated that the SEC had approved Bitcoin ETFs for trading in the United States, lacked any details on specific issuers. The actual approval on January 10 named specific financial institutions, including BlackRock, Fidelity, and Ark Invest, among others.
The SIM swap attack happened just one day before the real approval was issued. This raises the question of whether the hacker or his associates had prior knowledge of the upcoming decision. Such details are not typically available to the public, suggesting the possibility of an insider providing this crucial information. Until now authorities have not disclosed any additional suspects beyond the person who was sent to swap the SIM cards.