Federal prosecutors are said to be considering offering a plea deal to Eric Council Jr., a man accused of hacking into the U.S. Securities and Exchange Commission’s (SEC) social media platform earlier this year. The Department of Justice claims that Council, a 25-year-old from Alabama, worked with others to gain unauthorized access to the SEC’s social media account and falsely announce the approval of spot Bitcoin exchange-traded funds (ETF) in the United States.
During a recent hearing, Council pleaded not guilty to charges of conspiracy to commit aggravated identity theft and access device fraud. However, federal prosecutors indicated that they are willing to offer him a plea deal, which could involve his cooperation in identifying and providing evidence against his co-conspirators. These unidentified individuals are believed to be the masterminds behind the hack, as reported by Bloomberg.
The fake ETF announcement made in January caused a significant fluctuation in the price of Bitcoin. Following the unauthorized statement, the price of Bitcoin surged by over $1,000 before plummeting by more than $2,000 once the SEC regained control of its social media account and clarified that the announcement was false. Interestingly, the SEC did go on to officially approve spot Bitcoin ETFs shortly after the security breach.
According to the DOJ, Council allegedly executed the hack through an unauthorized SIM swap, a technique that involves convincing a mobile carrier to transfer a person’s phone number to a SIM card controlled by the hacker. Council is accused of using the stolen identity of an individual with access to the SEC’s social media account to carry out the hack.
In the aftermath of the incident, the SEC acknowledged that it had not implemented multi-factor authentication (MFA) for its social media profile. This oversight was highlighted by SEC Chair Gary Gensler, who had previously advocated for investors to secure their financial accounts with MFA.
As the legal proceedings unfold, it remains to be seen whether Council will accept the proposed plea deal and cooperate with federal prosecutors in bringing his co-conspirators to justice. The case sheds light on the vulnerabilities of high-profile organizations like the SEC and underscores the importance of robust security measures in safeguarding sensitive information and preventing cyberattacks.