Podcast Discussion: Deep Dive Into This Article.
In a case that has become a defining example of social engineering’s power to disrupt financial systems, 25-year-old Eric Council Jr., from Athens, Alabama, is now facing a recommended two-year prison sentence after pleading guilty to hacking the U.S. Securities and Exchange Commission’s (SEC) official account on X (formerly Twitter).
The breach occurred on January 9, 2024, and led to a fake public statement announcing the approval of spot Bitcoin ETFs, sparking immediate market turmoil. The ripple effects of the incident, both literal and figurative, continue to echo across the crypto industry and regulatory circles.
How the SEC Got Hacked: The Mechanics Behind the Fraud
Council and unnamed co-conspirators used a SIM swapping attack to hijack the phone number associated with the SEC’s X account. The attackers presented fraudulent ID documents to a telecom provider and convinced staff to port the phone number to a device under their control.
Once the attackers gained control of the number, they bypassed account recovery safeguards and took control of the @SECGov handle. With access in hand, they crafted a tweet stating that Bitcoin ETFs had been officially approved, quoting then-SEC Chair Gary Gensler to boost credibility.
The markets reacted in real-time:
- Bitcoin surged by over $1,000 within minutes, topping $47,000.
- As the SEC issued a correction and confirmed the tweet was fake, the price plunged by more than $2,000, leading to chaos among traders and market makers.
- Over $100 million in long and short positions were liquidated in the volatility.
This single tweet, sent from a compromised account for less than 30 minutes, demonstrated the sheer influence of centralized communications in crypto and how easily public trust can be manipulated.
Prosecutors’ Case and the Sentencing Recommendation
In a court filing on May 12, 2025, federal prosecutors urged the U.S. District Court for the District of Columbia to sentence Council to 24 months in prison, citing not only the financial damage but also the sophistication of the scheme.
Council was arrested in October 2024, following a federal investigation into the SIM swap attack, and later pleaded guilty to conspiracy to commit identity theft and device fraud. Authorities say Council personally gained at least $50,000 from the scheme, with crypto likely used to mask the trail of funds.
The prosecutors wrote:
“This case deserves a guidelines-range prison sentence… It involved a high degree of planning, cross-border coordination, identity fraud, and exploitation of regulatory infrastructure.”
Court documents show that Council and his group had previously used the same technique to target individual social media accounts and cryptocurrency wallets, indicating a pattern of behavior rather than a one-off event.
Sentencing is set for May 16, 2025, before Judge Amy Berman Jackson.
The SEC’s Cybersecurity Misstep: No 2FA in 2024
Perhaps the most alarming aspect of the incident was not the attack itself—but how easily it succeeded. The SEC admitted that its X account did not have two-factor authentication (2FA) enabled at the time of the hack.
This lapse in basic digital security by one of the world’s most influential financial regulatory bodies drew immediate backlash:
- Lawmakers demanded explanations during a Congressional hearing.
- Cybersecurity analysts labeled the incident “a massive failure of internal protocol.”
- Crypto industry leaders called the event both “ironic” and “deeply unsettling,” given the SEC’s frequent critiques of blockchain-based platforms for alleged security vulnerabilities.
For months after the breach, the SEC was forced to reaffirm its digital trustworthiness, while X (formerly Twitter) faced criticism over its handling of enterprise accounts and the lack of protective guardrails.
Broader Industry Impact: Trust, Volatility, and Market Fragility
The false ETF approval announcement revealed just how sensitive crypto markets are to regulatory signals. The crypto industry had been anxiously awaiting real approvals of spot Bitcoin ETFs for years, and many traders were primed to react instantly to any such news.
In just minutes:
- Millions in trades were executed based on false information.
- Trading algorithms were triggered en masse, amplifying the volatility.
- Retail investors and institutional desks alike were affected, with some suffering six-figure losses from the price swing.
This event reminded the world of the fragility of financial sentiment in crypto, and the power held by public statements—even fraudulent ones.
It also reignited calls for:
- Improved disclosure practices by regulators
- Warnings against unverified social media reliance for investment decisions
- More transparency and accountability from public institutions during crises
Eric Council: Cybercrime and a Generation of Digital Exploits
Council’s case also sheds light on a growing wave of digital-native fraudsters who exploit flaws in telecom infrastructure, social media authentication, and identity systems to pull off complex financial crimes.
SIM swapping—a form of identity theft involving tricking mobile carriers into handing over phone control—is increasingly used in crypto-related attacks. Council’s case joins a growing list of high-profile SIM swap exploits, including:
- Hacks of major crypto influencers
- The $200M Ledger exploit in 2023
- Targeted attacks on NFT collectors and crypto exchanges
Experts warn that without stricter telecom regulation, improved KYC protocols, and better user education, such attacks will continue to thrive.
What Happens Next
The sentencing of Eric Council Jr. is more than a conclusion to a cybercrime case—it’s a cautionary tale for regulators, users, and platforms. It marks a pivotal moment in how crypto-related cybercrime is punished and signals how seriously the justice system views market manipulation through technical exploitation.
As the industry matures, the balance between freedom, innovation, and responsibility will continue to be tested.
Conclusion
The Eric Council Jr. case has exposed not only the weaknesses in digital communication infrastructure but also the vulnerabilities in public perception. In a space where a tweet can move billions in market cap, cybersecurity isn’t just a technical concern—it’s a matter of public trust and financial integrity.
As Council awaits sentencing, the crypto industry must reflect on the incident’s implications and work collectively to build more resilient systems, stronger authentication protocols, and smarter regulation. Because in the high-stakes world of digital finance, one wrong message can cost the world more than just money.
This article reflects the opinions of the publisher based on available information at the time of writing. It is not intended to provide financial advice, and it does not necessarily represent the views of the news site or its affiliates. Readers are encouraged to conduct further research or consult with a financial advisor before making any investment decisions.
