(Bloomberg) — An Alabama man has been charged with hacking the U.S. Securities and Exchange Commission's X account in January ahead of the highly anticipated decision to approve the Spot Bitcoin exchange-traded fund.
Most Read Articles on Bloomberg
Federal Bureau of Investigation agents arrested Eric Council Jr. Thursday morning and charged the 25-year-old with conspiracy to commit aggravated identity theft, according to a statement from the Department of Justice.
According to the indictment, the council allegedly used the anonymous victim's stolen personal information and iPhone to bypass the X Account's security measures. The government said the alleged scheme at one point included Council impersonating an FBI agent who had lost his cell phone.
The SEC's X (formerly Twitter) account was hacked in early January, the day before it was scheduled to announce approval of the first-ever spot market Bitcoin exchange-traded product. Hackers took over the agency's official account and posted a message stating that the SEC had approved several companies' product trading applications.
The ETF's approval, which came after a lengthy legal battle between the SEC and the fund's issuer, was one of the most eagerly awaited events ever in the digital asset industry. The green light from regulators pushed the original cryptocurrency to an all-time high of $73,797 in March. The funds have seen more than $20 billion in inflows and now hold a combined total of about $64.5 billion worth of assets, according to data compiled by Bloomberg.
The Department of Justice announced that a fake post with premature approval caused the price of Bitcoin to jump by $1,000. According to the statement, Bitcoin fell by $2,000 after the SEC took back control of the X account and the posts were revealed to be fake.
“The SEC appreciates the vigilance of law enforcement agencies in holding accountable those responsible for the SEC's X Account breach,” an agency spokesperson said in a statement.
Prosecutors say the City Council used a so-called SIM swap to access SEC accounts. SIM swapping is when a hacker fraudulently activates a victim's phone number on another device in order to intercept calls and messages. This allows hackers to receive multi-factor authentication codes when attempting to reset a victim's email, social media, or cryptocurrency exchange account.
The SEC hack began on Jan. 9, when co-conspirators allegedly sent victims' personal identifying information and victim ID templates to the council using encrypted text messages. According to the indictment, the City Council allegedly used an identification printer to create false identification documents for the victims.
Armed with a fake ID, Council allegedly went to an AT&T store in Huntsville, Alabama, and obtained a SIM card linked to the victim's account. Council then walked to an Apple store to purchase a new replacement iPhone, according to the indictment.
Once granted access to the victim's phone, the co-conspirators generated access codes to the victim's social media accounts and shared them with other co-conspirators, according to the indictment.
The indictment says the fake posts were made by one of the anonymous co-conspirators. Once that was done, Council allegedly drove to the service provider's store in Birmingham, Alabama, returned the iPhone and received the cash.
Council, whose online pseudonyms include @Easymunny, is scheduled to appear for a detention hearing on October 22 in federal court in Huntsville, Alabama. He is represented in the matter by federal public defender Kevin Butler, who did not immediately respond to a message seeking comment.
The case will be filed in the United States District Court for the District of Columbia (Washington), United States v. Council.
–With assistance from Lydia Beyoud, Margi Murphy, and Nicola M. White.
(Updates with court appearance details in final paragraph.)
Most Read Articles on Bloomberg Businessweek
©2024 Bloomberg LP
