In January, the FBI allegedly hacked the US Securities and Exchange Commission’s (SEC) X account and used it to post falsehoods about the approval of a physical Bitcoin (BTC) exchange-traded fund (ETF) in the US. The man was arrested.
The man was identified as Eric Council Jr., 25, of Athens, Alabama, according to a statement from the U.S. Attorney’s Office for the District of Columbia. Due to this fake announcement, the price of BTC soared by $1,000, before plummeting by $2,000 after the SEC took back control of the account and announced a fix.
The council is charged with conspiracy to commit aggravated identity theft and access device fraud. The FBI revealed that the attack was carried out through a SIM swap, with the council and co-conspirators manipulating the victims’ phone numbers to gain access to the SEC’s X account.
The attack was paid in Bitcoin
According to the indictment, the council used the stolen personal information to forge false identification documents and conduct SIM swaps, thereby giving them access to the SEC’s social media accounts.
SIM swapping is a social engineering attack vector that consists of a malicious attacker using a victim’s personal information to trick a mobile service provider into porting a phone number to a new SIM chip.
Thus, hackers gain access to any platform where the victim uses a mobile number as a login credential. City Council allegedly presented false identification at an Alabama cell phone provider’s store.
After posting the fraudulent message, the council received payment for its role in Bitcoin and immediately returned the equipment used in the attack.
U.S. Attorney Matthew M. Graves emphasized the importance of holding accountable those who manipulate markets through cybercrime. The Department of Justice, FBI, and SEC Office of Inspector General led the investigation.
Billionaire cryptocurrency losses
SIM swap attacks are also a common attack vector that hackers apply to steal cryptocurrencies. In 2017, investor Michael Terpin lost $24 million when a malicious actor used this technique to compromise one of his wallets.
Additionally, a group of three individuals allegedly used SIM swap attacks to access wallets and steal over $400 million in cryptocurrencies between March 2021 and April 2023.
Ars Technica reported that the group used the same techniques allegedly used by the council, printing fake ID cards and using them to pose as victims at mobile phone service provider stores. .