After hijacking the SEC’s official X account and shaking up the crypto markets with fake news about a Bitcoin ETF approval, Eric Council Jr. didn’t exactly play it cool. Instead, he turned to Google with a nervous question: “How can I know for sure if I am being investigated by the FBI?”
Meet the Man Behind the SEC X Account Hack
Council, a self-proclaimed SIM swap expert who went by easymunny on Telegram, wasn’t new to cybercrime. Between January and June 2024, he made around $50,000 by hijacking phone numbers for clients—mainly in the crypto world, charging up to $1,500 per job.
But his biggest job came in January when he helped breach the SEC’s X account and post a fake message claiming spot Bitcoin ETFs had been approved. Bitcoin’s price jumped by $1,000 before crashing nearly $2,000 once the hoax was exposed, costing traders millions.
From Fake IDs to Real Trouble
Here’s how he did it:
Council created fake IDs to impersonate a person with access to the SEC’s X account. Using just partial Social Security and driver’s license numbers, he tricked an AT&T employee into switching that person’s phone number to his SIM card.
Then he bought a new iPhone at an Alabama Apple Store, inserted the new SIM, and handed over login codes to his partners. They used that access to publish the false ETF approval on Jan. 9j, just a day before the real approval came through.
He Got Paid in Bitcoin. Then Got Caught
For his role in the SEC hack, Council was paid in Bitcoin and other cryptocurrencies. But by June, he got sloppy.
Federal agents caught him trying to pull off another SIM swap—this time impersonating a different victim at an Apple Store. A few days later, a search of his house, car, and devices turned up damning evidence: fake ID templates on his laptop, Telegram messages discussing SIM swaps, and even Google searches trying to figure out if the FBI was on to him.
Despite setting his Telegram chats to auto-delete, prosecutors recovered discussions with overseas partners about previous jobs.
The Fallout: No 2FA and a $1 Million Mistake
The hacked post stayed up for about 15 minutes and racked up over a million views before the SEC confirmed the breach. X’s own security team later admitted that the SEC’s account had no two-factor authentication (2FA) at the time – a major vulnerability. The SEC said it had 2FA enabled, but it was mistakenly removed by X Support.
Council pleaded guilty in February 2025 to conspiracy and fraud charges. Prosecutors are now pushing for a two-year prison sentence.
