Hacker Who Breached SEC Account and Falsely Announced Bitcoin ETF Approval Faces Trial

A 25-year-old Alabama man, Eric Council Jr., has pleaded guilty to charges related to hacking the U.S. Securities and Exchange Commissions (SEC) X (formerly Twitter) account in January 2024. His actions led to the unauthorized publication of a false announcement claiming the SEC had approved the first-ever spot Bitcoin exchange-traded fund (ETF), causing significant market volatility.

Fake Bitcoin ETF Post and Market Manipulation

Court documents reveal that Council gained unauthorized access to the SECs X account through a SIM swap attack. This technique allowed him and his associates to temporarily take control of the account and publish a fraudulent post, accompanied by an image of SEC Chair Gary Gensler, falsely announcing the approval of spot Bitcoin ETFs.

The incident occurred on January 9, 2024, at a time when analysts widely expected the SEC to make an official ruling on Bitcoin ETFs. Following the false announcement, Bitcoins price surged by over $1,000 within minutes, only to decline rapidly once Gensler and the SEC confirmed that the post was not authentic. Less than 24 hours later, the SEC formally approved spot Bitcoin ETFs, but the temporary manipulation had already caused financial disruption in the market.

Prosecutors allege that Council personally profited approximately $50,000 from the price movement caused by the fake post. He reportedly used a forged identification document and deceived a mobile store employee into assisting him in compromising the SECs account.

Legal Proceedings and Potential Sentencing

Following an investigation, the Federal Bureau of Investigation (FBI) arrested Council in October 2024. Initially pleading not guilty, he later agreed to a plea deal, admitting to one count of conspiracy to commit aggravated identity theft and access device fraud.

On February 9, 2025, U.S. prosecutors proposed a forfeiture order, requiring Council to surrender the $50,000 he earned from the fraudulent announcement. If the order is signed by U.S. District Judge Amy Berman Jackson, he will also face a minimum prison sentence of two years, as stipulated under federal law for identity theft-related offenses.

Since his arrest, Council has been free on a personal recognizance bond and was permitted to travel during the holidays. However, his final sentencing is scheduled for May 16, 2025, when the court will determine the severity of his punishment.

This case highlights the growing risks of cyber-enabled financial manipulation and the importance of cybersecurity in financial regulatory institutions. As the cryptocurrency market continues to expand, regulators and market participants must remain vigilant against fraudulent activities that seek to exploit digital platforms for financial gain.