An Alabama resident has admitted his role in an unauthorized takeover of the U.S. Securities and Exchange Commission’s official social media account, leading to a significant disruption in the financial market. Eric Council Jr., from Alabama, faced charges for his involvement in this cybercrime, which occurred in early January 2024. The incident unfolded when the SEC’s X account falsely announced the approval of bitcoin ETFs on all national securities exchanges. This misleading information sent ripples through the cryptocurrency market, causing fluctuations in Bitcoin's value.

The method used by Council involved a sophisticated scheme known as SIM swapping. By creating a counterfeit identification card, he managed to gain control over a phone number linked to the SEC’s account. Once in possession of the number, Council's accomplices altered the account’s credentials, allowing them to post fabricated statements, including a false quote attributed to SEC Chair Gary Gensler. The attack exploited a critical security flaw: the absence of multi-factor authentication (MFA). Despite earlier issues with MFA, the agency had requested its deactivation, leaving the account vulnerable to such breaches.

Council’s actions have led to serious legal consequences. Arrested in October, he has since pleaded guilty to charges of aggravated identity theft and access device fraud. Sentencing is scheduled for May 16, where he may face up to five years in prison. The incident also highlighted the broader implications of cybersecurity vulnerabilities in financial institutions. The rapid rise and subsequent fall in Bitcoin’s price underscore the potential for significant market manipulation through such attacks. This case serves as a stark reminder of the importance of robust security measures to protect sensitive information and maintain public trust in financial systems.