An Alabama man has been arrested by the FBI for allegedly hacking the Securities and Exchange Commission’s social media account on X in a bid to juice Bitcoin’s worth. While the exact evidence that led the Feds to his door isn’t clear, it’s possible Eric Council, Jr., suspected their eventual arrival—prior to his capture, the 25-year-old reportedly searched the internet on his personal computer for phrases including “SECGOV hack,” “how can I know for sure if I am being investigated by the FBI,” and “what are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them.”
On January 9, 2024, the SEC’s official X account tweeted “Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges.” A landmark ruling on whether or not the cryptocurrency could serve as an exchange-traded fund (ETF) had been anticipated for months, the results of which would likely boost or sink at least some of Bitcoin’s value. In the hours following the apparent approval, the crypto’s net worth rose roughly $1,000 per coin. But there was a problem: the SEC actually hadn’t granted a decision yet, and the tweet claiming otherwise came from someone who apparently gained access to the Commission’s social media account.
According to the US Attorney’s Office for the District of Columbia on Thursday, someone hacked @SECGov using what’s known as a “SIM swap.” A Subscriber Identity Module (SIM) card is a commonly used integrated circuit on cellphones and smartwatches that is tied to a user’s international phone number. SIM cards can be replaced by programming a new one to match the same phone number, but typically only if you provide a proof of ID to your phone company. However, sometimes a forged ID unfortunately does the trick, too.
This is allegedly what Council (aka “@Easymunny”) managed to do through a collaboration with unnamed co-conspirators. After obtaining a fake ID featuring the personal information of the SEC employee who controlled the social media account, Council allegedly convinced AT&T representatives to supply him with a new SIM card tied to the victim’s number. He then reportedly slotted the replacement into an iPhone he bought in cash, and soon gained access to the X account via requesting Two-Factor Authentication password retrieval codes. From there, he allegedly provided his co-conspirators with the information, which they subsequently used to log into the SEC’s account and tweet the false Bitcoin ETC approval announcement. Council purportedly received payment in Bitcoin for his services, at which point he returned both the iPhone and SIM card to the cell phone store for a refund.
[Related: Montana breeder of illegal, giant sheep hybrid clones gets 6 months in prison.]
While Bitcoin’s value jumped after the forged tweet, it didn’t take long for the SEC to realize what had happened and regain access to their X account. Meanwhile, as The Verge explained, SEC Chairman Gary Gensler issued a clarification from his own account. Confirmation of the hack ultimately had the reverse effect on the cryptocurrency—it almost immediately fell around $2,000 during the ensuing market correction.
But as Gizmodo noted on Friday, the SEC’s problems didn’t stop there. On January 10, the day after the hack, the Commission actually decided to issue its final (actual) approval for 11 Bitcoin ETFs, only to accidentally screw up the announcement by posting, then deleting, the online paperwork. Given the timing, many people initially weren’t sure if there had been yet another hack.
Council is currently charged with conspiracy to commit aggravated identity theft and access device fraud. There’s no word yet on whether or not he found the information he was looking for during another internet search cited in the FBI’s indictment: “Federal identity theft statute.”