In a significant cybersecurity case, the FBI has apprehended a suspect tied to the hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account, which falsely announced the approval of spot Bitcoin (BTC) exchange-traded funds (ETFs) in January.
The accused, identified as Eric Council Jr., a 25-year-old resident of Athens, Alabama, allegedly orchestrated this hoax, leading to a temporary spike of $1,000 in Bitcoin’s price, which subsequently plummeted by $2,000 following the SEC’s swift action to reclaim control of their account and issue a correction.
Charges and Allegations
Council faces serious allegations, including conspiracy to commit aggravated identity theft and access device fraud. According to FBI investigations, the hack was carried out using a SIM swapping technique, where Council and his co-conspirators manipulated a victim’s mobile number to infiltrate the SEC’s social media account.
Understanding the SIM Swap Attack
SIM swapping is a method used in social engineering attacks, wherein the perpetrator utilizes the victim’s personal data to persuade mobile service providers to transfer the phone number to a different SIM card.
- Hackers gain unauthorized access to platforms linked to the victim’s mobile number.
- Council allegedly acquired the fake identification to facilitate the SIM swap at a local mobile service provider in Alabama.
Following the dissemination of the fraudulent announcement, Council reportedly received payment in Bitcoin for his actions and subsequently returned the equipment used in implementing the attack.
Legal and Financial Repercussions
U.S. Attorney Matthew M. Graves stressed the critical need to hold accountable those who engage in market manipulation through cybercriminal activities. The investigation was a collaborative effort involving the Justice Department, FBI, and SEC’s Office of Inspector General.
Historical Context of SIM Swap Attacks
Such attacks have been prevalent in the cryptocurrency space, often leading to significant financial losses. Notably, investor Michael Terpin suffered a staggering $24 million loss in 2017, with cybercriminals exploiting this vulnerability to access his digital assets.
Large Scale Crypto Theft Involving SIM Swaps
In another instance, a group of three criminals purportedly stole over $400 million in cryptocurrency from early 2021 to April 2023 using SIM swap techniques to access various wallets.
As reported by Ars Technica, this group utilized tactics similar to those of Council by creating forged ID cards and impersonating victims at mobile service provider outlets.
