Federal prosecutors are offering a plea deal to Eric Council Jr., a 25-year-old Alabama resident, who faces charges related to the Jan. 9 hack of the U.S. Securities and Exchange Commission’s (SEC) social media account on X.
The incident drew attention to a fake post claiming that the SEC had approved its first Bitcoin ETFs, generating a frenzy, as an official decision was expected the following day.
Prosecutors suggest that Council could help trace his co-conspirators, though he currently maintains his innocence, pleading not guilty to charges of aggravated identity theft and access device fraud.
Assistant U.S. Attorney Kevin Rosenberg confirmed in a federal court hearing that they intend to extend a plea offer to Council, though it’s uncertain if he will cooperate.
According to investigators, Council allegedly used a SIM swap scheme to access an SEC staff member’s information, leveraging it to take control of the agency’s X account.
The breach reportedly involved a local phone store employee unknowingly assisting him by reassigning the victim’s phone number, which allowed the hacker to reset the account’s password.
While multi-factor authentication (MFA) was initially in place, it had been temporarily disabled by X Support due to prior access issues but has since been restored on all SEC accounts as a security precaution.
The SEC’s post stirred confusion in financial circles, amplifying the need for robust cybersecurity for high-stakes agencies.