The FBI arrested an Alabama man on Thursday in connection with a January hack of Securities and Exchange Commission (SEC) accounts on social platform X that caused a temporary spike in the price of Bitcoin.
Eric Council Jr. used a SIM swap attack to take over SEC accounts, and others later used this attack to falsely claim that the SEC had approved multiple exchange-traded funds (ETFs) that held Bitcoin. He is said to have made the claim.
The price of Bitcoin soared by more than $1,000 after the fraudulent posting. The price of Bitcoin fell by more than $2,000 after the SEC took back control of the account and revealed that it did not approve the funds.
The fake post came at a time when the crypto industry was awaiting the SEC's decision on Bitcoin ETFs. The agency ultimately approved the funding just 24 hours later.
“These SIM-swapping schemes, in which scammers trick service providers into giving them control of unsuspecting victims' phones, are devastating to their victims,” U.S. Attorney Matthew Graves said in a statement Thursday. “This could result in severe economic losses and the disclosure of sensitive personal and private information.”
“Here, the co-conspirators allegedly used illegal access to phones to manipulate financial markets,” he added.
Council co-conspirators allegedly provided him with personally identifying information about individuals whose phones were connected to the SEC's X account. He then created a fake ID and used it to obtain a SIM card linked to this individual's account.
According to the indictment, once the SIM card was inserted into the new iPhone, the council was able to obtain a two-factor security reset code for the SEC's X account, allowing the co-conspirators to access and post to the account. That's what it means.
The 25-year-old was charged with conspiracy to commit aggravated identity theft and access device fraud.
The SEC faced intense scrutiny from lawmakers on both sides of the aisle in the wake of the hack, especially after it was revealed that the agency had not enabled multi-factor authentication at the time.
