Hacker Pleads Guilty to SEC X Account SIM Swap Attack That Caused Bitcoin Market Volatility

The U.S. Securities and Exchange Commission has reached a legal resolution in a significant cybersecurity incident involving its social media presence, as Alabama resident Eric Council Jr. has pleaded guilty to compromising the SEC’s X account through a SIM swapping attack in January 2024. The incident underscores persistent vulnerabilities in SMS-based authentication methods that federal agencies have repeatedly warned against.

The 25-year-old perpetrator admitted to executing a SIM swap that gave him control over the phone number associated with the SEC’s X account. Through this access, Council reset the account password and posted fabricated information about Bitcoin ETF approvals, triggering substantial cryptocurrency market volatility. The attack method matches similar incidents that led the FBI and CISA to issue warnings about the risks of SMS-based two-factor authentication in government and enterprise systems.

The false announcement caused Bitcoin prices to surge by $1,000 before plummeting $2,000 after SEC Chair Gary Gensler issued a correction. Market data showed the BTC/USD trading pair dropped from $43,800 to $42,300 within a 30-minute window following the incident. On-chain metrics revealed a 10 percent increase in Bitcoin network transactions to 270,000 in the 24 hours after the hack, while the network hash rate maintained stability at 200 EH/s.

Under a proposed plea agreement, Council would forfeit $50,000 in proceeds obtained through the dissemination of false information. The forfeiture order awaits approval from U.S. District Judge Amy Berman Jackson. Council has pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud, with sentencing scheduled for May 16, 2025. The charges carry a maximum prison term of five years.

The SEC confirmed the compromise of their @SECGov X account the day after the incident, specifically identifying a SIM-swapping attack targeting the phone number of the account administrator as the method of breach. The incident adds to a growing list of high-profile SIM swap attacks, which according to recent FBI reports, caused $48 million in losses during 2023 and have prompted calls for stronger authentication measures beyond traditional SMS-based verification.

Sources: BleepingComputer, Blockchain News, Binance

Partners

Founded in 2007, Lakota Software Solutions is an American company with a world-renowned reputation for developing robust biometric software and systems. Our vendor-agnostic products are tailored to ensure compliance with ANSI/NIST-ITL standards and EBTS specifications, facilitate seamless integration with other biometric systems, and optimize accuracy, cost-effectiveness, and scalability. https://lakotasoftware.com/

Oz Forensics is the independent private vendor of robust, technology-based, and AI-powered liveness detection and face-matching solutions founded in 2017 and headquartered in Dubai, UAE. We confirm the security level of our solution by certifying the ISO-30107 Level 1 and 2 standards. https://ozforensics.com/

AuthenticID provides 100% automated identity verification and fraud detection solutions that are leveraged by companies worldwide, including 2 of the top 3 U.S. Banks, 8 out the top 10 wireless providers in North America, and 2 of the 3 credit bureaus. Using proprietary computer vision and machine learning technology, these solutions help companies accurately verify the identity of their users across retail, digital and call center environments for onboarding and ongoing re-authentication events; KYC, IAM, and more. The solutions are easy to integrate and provide customers a large ROI by stopping fraud losses, increasing customer conversion at onboarding, reducing operational costs and allowing quick and cost-effective operational scalability, all while ensuring global privacy regulations are complied with. https://www.authenticid.com/

FaceTec’s patented, industry-leading 3D Face Verification and Reverification software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ finally make trusted, remote identity verification possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for 3D Liveness and Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

Identity Week aims to be a significant identity industry catalyst. It’s our mission is to help accelerate the move towards a world where trusted identity solutions enable governments and commercial organisations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm. https://identityweek.net/

The Biometric Digital Identity Prism is a market landscape framework designed to help influencers and decision makers understand, innovate, and implement digital identity technologies and solutions. This innovative framework for understanding and evaluating the rapidly evolving biometric digital identity marketplace is the only market model that is truly biometric-centric based on the foundational conviction that in the age of digital transformation the only true, reliable link between humans and their digital data is biometrics. https://www.the-prism-project.com

Related News & Articles

Footer

Follow Us