US Hacker Sentenced for SEC X Account Bitcoin Price Manipulation

In 2024, Eric Council Jr., a 26-year-old U.S. man, orchestrated a high-profile cyberattack on the official X account of the U.S. Securities and Exchange Commission (SEC). This attack was executed through a sophisticated SIM swap technique, which allowed Council and his co-conspirators to gain control over a phone number linked to the SEC's social media access. By resetting the SEC X account password, they were able to post a fraudulent announcement claiming that the SEC had approved Bitcoin exchange traded funds (ETFs).

This false announcement caused an immediate surge in Bitcoin prices, demonstrating the powerful influence of authoritative social media accounts on financial markets. However, once the misinformation was exposed, Bitcoin prices quickly fell back, revealing the volatility and risk associated with such manipulative tactics.

The U.S. Department of Justice (DOJ) responded decisively, announcing Council's sentencing to 14 months in prison followed by three years of supervised release. This case underscores the critical need for robust cybersecurity measures to protect government social media accounts from sophisticated social engineering attacks like SIM swapping.

Understanding SIM Swap Attacks and Their Impact

SIM swap attacks involve fraudulently transferring a victim's phone number to a new SIM card controlled by the attacker. This enables the attacker to intercept calls and messages, including two-factor authentication codes, allowing unauthorized access to sensitive accounts. In this incident, the attack facilitated control over the SEC's X account, a critical communication channel for the agency.

The consequences of such breaches extend beyond reputational damage. They can manipulate financial markets, erode public trust in regulatory bodies, and create opportunities for financial crimes. This case serves as a cautionary tale for government agencies and organizations worldwide to strengthen their cybersecurity protocols, especially around social media account access.

Broader Implications for Cybersecurity and Financial Markets

This incident highlights the intersection of cybersecurity and financial market stability. As digital platforms become primary channels for official announcements, securing these platforms is paramount. The manipulation of market-sensitive information through social media can lead to rapid, destabilizing market movements and undermine regulatory integrity.

Organizations must adopt comprehensive security frameworks that include multi-factor authentication beyond SMS, continuous monitoring for account anomalies, and employee training on social engineering threats. Collaboration between government agencies, social media platforms, and cybersecurity experts is essential to develop resilient defenses against evolving attack vectors.

In conclusion, the sentencing of Eric Council Jr. serves as a reminder of the tangible risks posed by cybercriminals exploiting social media and telecommunications vulnerabilities. Strengthening cybersecurity measures protects not only organizational assets but also the broader financial ecosystem and public trust.