Last updated:
Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
Why Trust Cryptonews
Eric Council Jr., the man accused of hacking the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024, has pleaded guilty to conspiracy charges related to identity theft and access device fraud.
On Monday, Council admitted to his role in the cyberattack in a hearing at the U.S. District Court for the District of Columbia. The attack resulted in the unauthorized posting of a message falsely claiming that the SEC approved spot Bitcoin exchange-traded funds (ETFs) for the first time.
The post briefly caused market fluctuations before the SEC confirmed the hack.
Council Faces May Sentencing for SEC X Account Hack
According to a Bloomberg report, Federal prosecutors have proposed a plea agreement with a forfeiture order requiring Council to pay $50,000, which authorities say he “personally obtained” from the scheme. U.S. District Judge Amy Berman Jackson had not yet signed off on the order at the time of publication.
Judge Jackson has scheduled Council’s sentencing for May 16, 2025. According to the Congressional Research Service, if convicted, he could face a minimum sentence of two years in prison for the felony charge.
Council, 25, was arrested by the Federal Bureau of Investigation (FBI) in October 2024 and initially pleaded not guilty to the felony charge. Since his arrest, he has been free on a personal recognizance bond.
In October 2024, during a hearing at the U.S. District Court in Washington, D.C., Assistant U.S. Attorney Kevin Rosenberg confirmed plans to offer Council a plea deal. However, as Bloomberg reported, whether he will accept it remains unclear.
Rosenberg told U.S. District Judge Amy Berman Jackson that: “We will extend a plea; I have no idea if it will be accepted or not.”
Prosecutors have stressed that Council was not acting alone but was following directives from key figures behind the attack.
Eric Council Jr. Arrested For SEC SIM Swap Attack
According to prosecutors, Council was part of a group that used a SIM swap attack to gain control of the SEC’s official X account.
They gained access to the SEC’s X account by using a fake ID to trick a phone store employee into transferring control of a phone number.
His co-conspirators, who initially identified the victim, then bypassed security measures to post an image of then-SEC Chair Gary Gensler falsely confirming Bitcoin ETF approval.
The SEC quickly removed the post and later confirmed the real approval of the ETFs less than 24 hours. The incident occurred on Jan. 9, 2024, just one day before the SEC was widely expected to announce its long-awaited decision on spot Bitcoin ETFs.
The fake post triggered a rapid price surge in Bitcoin, with BTC spiking by over $1,000 before Gensler clarified that the announcement was unauthorized. The SEC officially approved the investment products on Jan. 10.
Following the breach, X’s safety team revealed that the SEC did not enable two-factor authentication on its account at the time of the attack.
Council’s upcoming sentencing highlights the need for stronger security practices within government agencies to protect financial markets and prevent similar breaches.
