Alabama Hacker Steals $50,000 in Crypto from SEC

An Alabama man has pleaded guilty to hacking the U.S. Securities and Exchange Commission (SEC) and stealing $50,000 in cryptocurrency. The incident involved impersonating an SEC employee to gain access to the agency's social media account, leading to a significant market disruption.

Key Takeaways

• Eric Council, 25, hacked the SEC's X account, falsely announcing the approval of Bitcoin ETFs.
• The hack caused Bitcoin's price to spike by 2% before crashing by 6%.
• Council used a fake ID to transfer a phone number linked to an SEC employee.
• He faces a potential two-year prison sentence and has agreed to return the stolen funds.

The Hack Explained

In January 2024, Eric Council executed a sophisticated identity theft operation from his home in Athens, Alabama. By posing as an SEC employee, he managed to take control of the agency's X account, which is crucial for public communications.

1. Preparation: Council's accomplices provided him with a template for a fake identification card featuring his photo and the name of an SEC employee, referred to as "C.L." in court documents.
2. Execution: Using a personal card printer, Council created a fake driver’s license. He then visited an AT&T store, where he convinced an employee to transfer C.L.'s phone number to a new SIM card.
3. Accessing the Account: After obtaining the new SIM card, Council purchased an iPhone in cash and inserted the SIM. His partners attempted to log into the SEC's X account and requested a password reset, which was sent to Council's new phone.
4. Market Manipulation: With access to the SEC's account, Council's partners posted a tweet claiming that the SEC had approved Bitcoin ETFs, a highly anticipated announcement. This tweet caused Bitcoin's price to surge by 2% before plummeting by 6% after the SEC confirmed the tweet was unauthorized.

Consequences of the Hack

The breach raised serious concerns about the security of the SEC, the primary regulatory body overseeing financial markets in the United States. The agency quickly issued a statement confirming that the tweet was not made by authorized personnel.

• Arrest and Charges: Council was arrested in October 2024, and he has since pleaded guilty to conspiracy to commit identity theft. He used various online pseudonyms, including "Ronin" and "Easymunny," which contributed to his digital footprint.
• Legal Ramifications: Council has agreed to return the $50,000 he received for his role in the hack. Under federal sentencing guidelines, he could face up to two years in prison, with a sentencing hearing scheduled for May 16.

The Broader Implications

This incident highlights the vulnerabilities in cybersecurity, particularly within government agencies. As cryptocurrency continues to gain traction, the potential for market manipulation through social media hacks poses a significant risk to investors and the integrity of financial markets.

The SEC's swift response to the hack and subsequent approval of Bitcoin ETFs within 24 hours demonstrates the agency's commitment to maintaining market stability, even in the face of such breaches. As the investigation continues, it serves as a reminder of the importance of robust security measures in protecting sensitive information and maintaining public trust in regulatory bodies.

Sources

• How an Alabama man hacked the SEC for $50,000 in crypto – DL News, DL News.