An Alabama man has plead guilty to his role in the January 2024 hijacking of the U.S. Securities and Exchange Commission’s (SEC) social media account, a cyber intrusion that briefly sent Bitcoin’s value soaring.

The breach occurred when the SEC’s official X account posted a fraudulent message, purportedly from the SEC chairman, falsely announcing the approval of long-anticipated Bitcoin exchange-traded funds (ETFs). Within minutes, Bitcoin’s price spiked by more than $1,000.

The SEC quickly regained control of its account and refuted the claim, causing the cryptocurrency’s value to drop by over $2,000.

Eric Council Jr., 25, of Athens, Alabama, was arrested in October 2024 and has admitted to conspiring with others to carry out the unauthorised takeover.

Council faces a maximum penalty of five years in prison and is scheduled to be sentenced on May 16.

Court documents reveal that the conspirators gained access through a technique known as a SIM swap attack. Council used a falsified identification card—created with an ID card printer—to impersonate a staff member and convince a mobile carrier to transfer the victim’s phone number to a SIM card under his control.

This allowed his co-conspirators to bypass security measures and access the SEC’s social media account and write that spot Bitcoin ETFs had been approved in the US. (The actual ETFs were approved days later on Jan. 10).

Officials from the SEC and FBI have emphasised the need for stronger cybersecurity measures to protect market-sensitive communications from similar attacks.

The incident has renewed calls for financial regulators and firms to adopt more stringent multi-factor authentication protocols and other security enhancements to prevent unauthorised access to critical accounts.

SIM swap fraud is a growing cybersecurity threat that has targeted government offices and companies, as well as individuals.

A form of identity theft, SIM swap fraud occurs when cybercriminals take control of a victim’s mobile phone number by tricking or bribing a telecom provider into transferring it to a SIM card under their control. This tactic allows fraudsters to bypass security measures that rely on SMS-based two-factor authentication (2FA), gaining access to sensitive accounts, including banking, cryptocurrency wallets, and social media profiles.

Fraudsters typically gather personal information on their targets through phishing, social engineering, or purchasing stolen data from dark web marketplaces. Once they have enough details—such as the victim’s name, phone number, and answers to security questions—they contact the victim’s mobile carrier.

They impersonate the victim and claim they lost their phone and need to activate a new SIM card, or bribe a telecom employee to process the transfer. Once the number is linked to a new SIM card under their control, the fraudster receives all incoming calls and texts intended for the victim, including authentication codes for password resets and account logins.