PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Alabama Man Gets 14 Months for Hacking SEC's X Account With SIM-Swap Scheme

Eric Council Jr. used a fake ID and a new iPhone to help his co-conspirators bypass the MFA on the Securities and Exchange Commission's account and juice the price of bitcoin.

Will McCurdy
 & Will McCurdy Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Dan Kitwood via Getty Images)

An Alabama man has been sentenced to 14 months in prison for his role in hacking the Securities and Exchange Commission's (SEC) X account in 2024 and posting a tweet that increased the value of bitcoin by $1,000.

The man and his co-conspirators posted that bitcoin ETFs (Exchange-Traded Funds)—a type of investment vehicle long-awaited by the crypto community—had been approved days before it actually happened. This caused the digital currency to spike in value, giving the man and his associates a chance to enrich themselves with trades.

Eric Council Jr., 26, of Athens, Alabama, used what’s known as a “SIM swap” attack to access the account of an SEC employee in charge of the organization’s social media.

SIM swaps are when bad actors trick a mobile carrier into reassigning a mobile phone number from a victim’s SIM card to the criminal’s SIM card. This allows them to access accounts with multi-factor authentication enabled by sending the SMS code to their own phones.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

Council allegedly used a portable ID card printer to create a physical ID, which he then used to impersonate the victim at an AT&T store in Huntsville, Alabama. The man then inserted the SIM card linked to the victim’s phone and activated a brand new iPhone, which he used to get his hands on the @SECGov X password reset codes, before sharing them with his co-conspirators.

After the SEC regained control of the account and shot down reports that ETFs had been approved, the value of BTC decreased by more than $2,000.

Police later tracked the man down, finding numerous suspicious searches on his personal devices, including “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them,” and “SECGOV hack.” He is thought to have received around $50,000 for his role in the scheme.

Though the SEC hack was notable for its sheer ambition, it's unlikely this is the last major hacked social media account spreading crypto fake news. Numerous celebrity social media accounts have been hacked for this purpose, mainly to promote smaller "meme coins," including rapper 50 Cent, former President Barack Obama, and Tesla CEO Elon Musk.

About Our Expert

Will McCurdy

Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read the latest from Will McCurdy

Read full bio