A 25-year-old Alabama resident, Eric Council Jr., has pleaded guilty to charges of conspiracy to commit aggravated identity theft and access device fraud after taking over the Securities and Exchange Commission's (SEC) X account in January 2024. Council's actions led to the posting of fake Bitcoin news, which caused the currency's value to spike more than $1,000.

According to investigators, Council used a SIM-swapping attack to move a phone number associated with the @SEC account to the SIM card in an iPhone he had purchased. He then obtained the personal information of a person with access to the account, printed off a fake ID, and used it to convince AT&T to give him control of the phone number, allowing him to receive the account's recovery codes on his own phone.

Council's co-conspirators paid him in Bitcoin for his role in the scheme, which involved posting a doctored image, message, and fake quote by then SEC Chairman Gary Gensler stating that Bitcoin Exchange Traded Funds (ETF) had been approved. The fake news caused a significant surge in Bitcoin's value, highlighting the potential risks of fraudulent activities in the cryptocurrency market.

Following his arrest, investigators found that Council had made suspicious searches, including "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them." This raises concerns about the sophistication and awareness of cybercriminals, who may be taking steps to avoid detection by law enforcement agencies.

Council is scheduled for sentencing on May 16th and faces a maximum penalty of five years in prison. The case serves as a reminder of the importance of robust security measures and vigilance in the digital age, particularly for high-profile organizations and individuals.

The incident also highlights the potential risks associated with SIM-swapping attacks, which have become increasingly common in recent years. As the use of cryptocurrency and online services continues to grow, it is essential for individuals and organizations to take proactive steps to protect themselves from these types of threats.

In the broader context, this case underscores the need for greater awareness and cooperation between law enforcement agencies, financial institutions, and technology companies to combat cybercrime and protect the integrity of online systems.