The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say
10/18/2024 04:50Eric Council Jr. was charged with conspiracy to commit aggravated identity theft and access device fraud.
A 25-year-old Alabama resident named Eric Council Jr. was arrested Thursday morning in connection with the unauthorized takeover of the Security and Exchange Commission’s X account in January, which caused the value of Bitcoin to spike $1,000, according to the Justice Department.
The hack took place on January 9, a day before the SEC’s long-awaited approval of spot Bitcoin exchange-traded funds. According to a complaint filed in federal court in Washington, DC, the hackers used the compromised account to falsely post that the approval had taken place. Shortly after, SEC Chair Gary Gensler took to his personal account to announce that the claim was false and the post was “unauthorized.”
“The SEC has not approved the listing and trading of spot bitcoin exchange-traded products,” Gensler wrote on X.
The phony post was deleted 25 minutes after it went up, but that was enough to move the market. Immediately, investors rushed to purchase Bitcoin, causing the price to spike by $1,000. Once the correction was made, the price fell by $2,000, according to the indictment.
Council, also known online as “Ronin”, “AGiantSchnauzer”, and @Easymunny, is charged with conspiracy to commit aggravated identity theft and access device fraud, announced today by United States Attorney Matthew M. Graves and others involved in the investigation. The indictment alleges that Council committed these crimes in order to manipulate the price of Bitcoin.
Council and others, who remain unnamed, allegedly accessed the account through what is known as a “SIM swap,” according to the indictment.
“A SIM swap attack refers to the process of fraudulently inducing a carrier to reassign a cell phone number from the legitimate subscriber or user’s SIM card to a SIM card, and telephone, controlled by a criminal actor,” the indictment said, explaining that the trick lets criminals bypass multi-factor authentication.
Council and his co-conspirators allegedly impersonated someone who had access to the account by creating a fraudulent identification document in the victim’s name and took over their cell phone number. The @SECGov X account was linked to this phone number, allowing the hackers to access it and make posts.
Council received payment in Bitcoin for carrying out the SIM swap. During the ensuing investigation, federal agents discovered he reportedly used his personal computer to search for “SECGOV hack,” “federal identity theft statute,” and “how can I know for sure if I am being investigated by the FBI.”
“In this case, the unauthorized actor allegedly utilized SIM swapping to manipulate the global financial market,” FBI Acting Special Agent in Charge Geist said in a statement. “The FBI will continue to work tirelessly with our law enforcement partners around the country and globe to hold accountable those who break U.S. laws.”
If convicted, Council faces a maximum penalty of five years in prison.
This story was originally featured on Fortune.com