In a twist that seems to belong to a cyber-thriller, Eric Council Jr., the notorious SIM swap hacker, found himself at the center of a legal storm after an audacious breach of the Securities and Exchange Commission’s (SEC) X account last year. Prosecutors are now pushing for a two-year prison sentence for Council, whose antics included Googling “how to tell if the FBI is investigating me,” according to court documents filed on May 12, 2025. The hack not only shook the markets but also exposed glaring vulnerabilities in cybersecurity protocols.
A Digital Heist with Real-World Consequences
Eric Council Jr.’s brazen operation began with the creation of counterfeit identity documents, enabling him to impersonate an individual with insider access to the SEC’s X account. His accomplices had pinpointed this target, and Council proceeded to trick an AT&T staff member into transferring the victim’s phone number to his SIM card. Armed with the new SIM, Council purchased an iPhone, inserted the SIM, and relayed access codes to his conspirators. On January 9, 2024, these conspirators unleashed a false announcement regarding the approval of a spot Bitcoin exchange-traded fund (ETF), triggering a wild, albeit short-lived, rollercoaster in Bitcoin prices.
Bitcoin momentarily surged by $1,000, only to tumble nearly $2,000 shortly after, wiping out tens of millions in market positions. “The market’s knee-jerk reaction was swift,” noted crypto analyst Sarah Thompson. “It underscores the precariousness of investor sentiment and the immense power of perceived legitimacy.”
The Underbelly of SIM Swapping
Council’s foray into the dark arts of SIM swapping didn’t stop at the SEC breach. He admitted to pocketing roughly $50,000 from January to June 2024, offering his services under the Telegram alias “easymunny.” His clientele would pay between $1,200 and $1,500 for his expertise. Yet, despite his attempts at digital subterfuge, including setting Telegram chats to auto-delete, law enforcement unearthed incriminating conversations.
The unraveling of Council’s operation came to a head on June 12, 2024, when he was caught attempting another SIM swap at an Apple store. A subsequent search of his residence and devices revealed templates for fake IDs and further cemented the case against him. In February 2025, Council pleaded guilty to charges of Conspiracy to Commit Aggravated Identity Theft and Access Device Fraud.
Implications for Cybersecurity and Crypto Markets
The implications of Council’s actions ripple far beyond his individual case. The SEC’s X account, remarkably, lacked two-factor authentication (2FA) at the time of the breach—a critical lapse that allowed the hack to occur. While the SEC contends that 2FA was initially enabled, it was allegedly disabled by X Support at the request of an SEC staffer, a misstep with costly consequences. For a deeper dive into the regulatory implications, see our coverage of the SEC’s latest guidance.
“The absence of robust security measures like 2FA is a cautionary tale,” cybersecurity expert Alex Moreno emphasized. “In the fast-paced world of crypto, where trust is paramount, such vulnerabilities can lead to catastrophic outcomes.”
As the digital landscape continues to evolve, so do the methods employed by cybercriminals. Council’s case serves as a stark reminder of the importance of vigilance and the need for continuous advancements in cybersecurity protocols. With the crypto market’s inherent volatility, even a whisper of misinformation can send shockwaves through the ecosystem, highlighting the critical need for platforms to fortify their defenses.
Looking Forward: Lessons and Challenges
While Eric Council Jr.’s story may be drawing to a close, the broader narrative of cybersecurity in the cryptocurrency industry is still unfolding. As regulators and industry players grapple with the challenges of securing digital assets, questions remain about the adequacy of current safeguards. Are we prepared for the next wave of digital threats? Only time will tell. This follows a pattern of institutional adoption, which we detailed in our analysis of corporate treasury investments.
For now, the crypto community watches keenly, aware that the stakes are higher than ever. The lessons from Council’s audacious escapade are etched into the annals of crypto history, serving as both a warning and a call to action. As the industry presses forward into 2025, the emphasis on security and trust remains paramount—a steadfast reminder that in the digital realm, the line between chaos and order is perilously thin.
Source
This article is based on: SEC hacker once Googled ‘if I am being investigated by the FBI’
Further Reading
Deepen your understanding with these related articles:
- US crypto groups urge SEC for clarity on staking
- Nasdaq Seeks SEC Approval to List 21Shares Dogecoin ETF
- Why Grayscale’s Bitcoin Trust still dominates ETF revenue in 2025

Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.