On Thursday, the Federal Bureau of Investigation arrested a man from Alabama in connection with a hacking incident on the Securities and Exchange Commission’s (SEC) social media X account back in January.
According to court documents, on or around January 9th, 25-year-old Eric Council Jr., in collaboration with others, unauthorizedly gained control of the SEC’s X account by switching SIM cards on phones, and under the name of SEC Chairman Gary Gensler, prematurely announced approval of a Bitcoin exchange-traded fund.
Following the fraudulent announcement, the price of Bitcoin surged over $1,000. Shortly after, the SEC regained control of the X account and confirmed the unauthorized nature of the announcement, which exploited a security vulnerability. Once the official statement was released, the price of Bitcoin dropped over $2,000.
A federal grand jury in the District of Columbia indicted Council on October 10th, charging him with conspiracy to commit aggravated identity theft and device fraud. If convicted, Council could face up to five years in prison.
Court documents revealed that Council engineered a swap of the SIM card associated with the SEC’s X account.
As part of the scheme, Council and his associates first created a fake identification document in the victim’s name, then used it to impersonate the victim to the telecom provider, requesting the victim’s phone number be transferred from the victim’s SIM card to their own. Subsequently, they took over the victim’s phone account and accessed online social media accounts linked to the victim’s phone number, with the goal of accessing the SEC’s X account to post fraudulent messages as the SEC Chairman.
Nicole Argentieri, Head of the Criminal Division of the Department of Justice, emphasized that Council attempted network crimes by misappropriating someone’s phone number to perpetrate illicit activities using the identity of an individual with access to the SEC’s X account.
“The indictment against Council underscores the determination of the Criminal Division to combat cybercrimes, particularly when they threaten the integrity of financial markets,” she said.
Matthew Graves, U.S. Attorney for the District of Columbia, warned that SIM card swap schemes, where fraudsters deceive service providers to control unsuspecting victims’ phones, could lead to devastating financial losses and compromised personal and private information.
“The alleged conspirators manipulated the financial markets through illegal access to phones. Through these prosecutions, we will hold accountable those responsible for these serious offenses,” he added.
David Geist, Acting Special Agent in Charge of the FBI’s Washington Field Office Criminal and Cyber Division, stated that swapping SIM cards is a method utilized by criminals to unlawfully obtain sensitive information for criminal purposes. In this case, unauthorized actors allegedly manipulated global financial markets using swapped SIM cards. The FBI will continue to collaborate tirelessly with law enforcement partners nationally and globally to hold individuals accountable for violating U.S. laws.
On the evening of January 9th, a spokesperson for the Securities and Exchange Commission (SEC) stated that they had not approved the “spot Bitcoin ETF fund” and clarified that their posts on social media platform X were false.
The spokesperson mentioned that the SEC’s X account had been compromised but did not provide further details.
That afternoon, a post appeared on the SEC’s X account announcing the approval of all registered exchanges to launch Bitcoin ETF funds, accompanied by a picture allegedly quoting SEC Chairman Gensler.
January 10th marks the deadline for the SEC to decide on a batch of ETF funds tracking Bitcoin prices, being a crucial moment for the cryptocurrency industry.
By 4:11 PM Eastern Time on January 9th, the post on the SEC’s X account had garnered at least 1 million views. However, less than 20 minutes later, the post vanished.
The false post caused Bitcoin prices to spike to around $48,000 in the afternoon, only to drop below $45,000 within minutes.
At 4:42 PM, the SEC’s X account disseminated a message stating that the account had been compromised and an unauthorized post had been made.
“The SEC has not authorized the listing and trading of any products related to spot Bitcoin,” the post read.