The $50,000 SEC Hack: How a Small-Town Scammer Rocked the Crypto World

In what seemed like either a reckless prank or a calculated attempt to manipulate the crypto markets, an audacious hack of the U.S. Securities and Exchange Commission’s (SEC) X account turned out to be just a piece of a larger identity theft scheme. At the center of it all was Eric Council, a 25-year-old from Athens, Alabama, who pleaded guilty to conspiracy to commit identity theft in a case that exposed glaring vulnerabilities in digital security—even at the highest levels of financial regulation.

A Simple Yet Costly Exploit

The breach, which occurred on January 9, 2024, led to a false announcement that the SEC had approved spot Bitcoin ETFs—an event the market had been anxiously awaiting. Within moments, Bitcoin surged by 2%, only to plummet 6% once the deception was exposed. The entire ordeal highlighted not just the risks of social engineering in the digital age but also the immense impact that a single fraudulent tweet can have on global markets.

According to court records, Council’s involvement in the scheme was surprisingly low-tech. He and his accomplices orchestrated an old-school SIM swap attack, impersonating an SEC employee—referred to as “C.L.” in court documents. Using a fake driver’s license, Council convinced an AT&T store in Huntsville, Alabama, to transfer C.L.’s phone number to a new SIM card. With control over the number, the hackers reset the SEC’s X account password and posted the now-infamous false ETF approval announcement.

The $50,000 Payoff and a Digital Paper Trail

For his role in the operation, Council was reportedly paid $50,000 in Bitcoin and other cryptocurrencies. However, his attempts to cover his tracks were sloppy at best. Investigators discovered a treasure trove of evidence on his personal laptop, including templates for fake IDs and suspicious web searches like “How can I know for sure if I am being investigated by the FBI?”

Despite the SEC officially approving 11 spot Bitcoin ETFs just a day later, the hack remains one of the most embarrassing security breaches in the agency’s history. The case underscores the need for improved cybersecurity protocols at major financial institutions and serves as a cautionary tale for the crypto community.

BitGalactic’s Take: A Dangerous Precedent for Crypto Markets

From a broader perspective, BitGalactic sees this event as a stark warning for crypto investors and regulators alike. While the approval of Bitcoin ETFs was inevitable, this incident revealed how easily bad actors can exploit information gaps to manipulate the market. It also raises questions about the reliability of financial news in an era where a single tweet can trigger billions in liquidations.

The lesson here? Always verify your sources—especially in the high-stakes world of crypto. As for Eric Council, he has agreed to return his illicit gains and faces a potential two-year prison sentence when he appears in court on May 16. But the bigger issue remains: How many more vulnerabilities like this exist, and who will exploit them next?