On May 16, 2025, Eric Council Jr., a 26-year-old from Athens, Alabama, was sentenced to 14 months in federal prison and three years of supervised release for his role in one of the most consequential social engineering attacks in cryptocurrency history. The January 2024 hack of the U.S. Securities and Exchange Commission’s official X account sent Bitcoin prices surging over $1,000 in minutes after a fraudulent tweet announced fake Bitcoin ETF approval. With Bitcoin trading near $103,489 at the time of sentencing, the case serves as a stark reminder that the most effective attack vectors often exploit human trust rather than code vulnerabilities.
The Threat Landscape
SIM swapping has emerged as one of the most persistent and damaging attack methods targeting cryptocurrency users and organizations. The technique involves convincing a mobile carrier to transfer a victim’s phone number to a SIM card controlled by the attacker. Once in control of the phone number, attackers can bypass SMS-based two-factor authentication and reset passwords on virtually any account tied to that number.
In the SEC case, Council and his co-conspirators performed a SIM swap against the cellphone account of a person who had administrative access to the SEC’s X account. Using a fabricated fake ID and a new iPhone, Council impersonated the victim at a mobile carrier store to port their number. From there, the hackers reset the SEC account password, gained control of the @SECGov handle, and posted the fraudulent Bitcoin ETF approval announcement on January 9, 2024.
The attack exploited a fundamental weakness in account security: reliance on phone-based authentication for high-value accounts. Despite the SEC’s status as a major government agency, the account’s security ultimately depended on the integrity of a single mobile carrier’s identity verification process.
Core Principles
Protecting against SIM swap attacks requires understanding three fundamental principles of modern authentication security. First, your phone number is not a secure identity anchor. Mobile carriers operate retail environments with varying levels of employee training and verification rigor, making them susceptible to social engineering.
Second, defense in depth is non-negotiable. No single authentication factor should be sufficient to compromise an account. Hardware security keys, authenticator applications, and biometric verification each provide distinct layers that an attacker must independently defeat.
Third, operational security extends beyond your own devices. The accounts of people with administrative access to your organization’s social media, email, and communication channels are themselves critical attack surfaces. An organization’s security is only as strong as its most vulnerable administrator.
Tooling & Setup
Implementing robust protection against SIM swap attacks involves several concrete measures. Replace SMS-based two-factor authentication with hardware security keys such as YubiKey or Google Titan on all critical accounts, especially email and cryptocurrency exchange accounts. These keys use the FIDO2/WebAuthn standard, which is resistant to phishing and cannot be bypassed through phone number porting.
For cryptocurrency-specific protection, use authenticator applications like Google Authenticator, Authy, or hardware wallet-based 2FA as a minimum standard. Enable account-level PINs and port freezes with your mobile carrier — most major carriers offer these features specifically to prevent unauthorized SIM transfers.
Organizations should implement mandatory hardware key authentication for all social media and communication accounts with public-facing authority. Internal policies should require regular security audits of administrative access credentials and ensure that no single individual’s compromised phone number can grant account takeover.
Ongoing Vigilance
The cryptocurrency ecosystem presents unique challenges for security awareness because of its speed and the financial incentives it creates for attackers. When the fake SEC tweet appeared, Bitcoin’s price moved within seconds, demonstrating how quickly market-moving information spreads and how little time exists for verification during volatile periods.
Establish verification protocols for market-moving news that do not rely on any single information source. Cross-reference official announcements through multiple channels — agency websites, verified press releases, and direct communications — before acting on social media claims. This discipline protects not only institutional investors but also individual traders who may be most vulnerable to manipulation.
Final Takeaway
The sentencing of Eric Council Jr. closes a chapter on a hack that exposed critical weaknesses in how even government institutions protect their digital identities. The 14-month prison sentence sends a clear deterrent message, but the underlying vulnerability — over-reliance on phone-based authentication — remains pervasive across the cryptocurrency ecosystem. Whether you are managing a personal wallet with a few hundred dollars or an institutional portfolio worth millions, the lesson is the same: invest in hardware security keys, freeze your mobile carrier porting, and never trust a single channel for critical information verification.
Disclaimer: This article is for educational purposes only and does not constitute legal, financial, or security advice. Always consult with qualified professionals for security decisions regarding your digital assets.
Cross-chain DeFi is the next frontier
AMM innovations like concentrated liquidity changed everything
moved to a carrier that requires in-person verification for port outs after my friend got sim swapped in 2023. minor inconvenience but the alternative is losing everything. carriers wont fix this voluntarily
portout_paranoid in-person verification for port outs should be mandatory everywhere. one carrier doing it doesnt help when attackers just target users on weaker carriers
DeFi insurance protocols are maturing — that’s a bullish sign
Permissionless lending is still the most powerful use case in crypto
this article is about sim swapping the SEC account though. the 14 month sentence for council feels light considering btc moved $1000 on a fake tweet
Marco D. $1000 BTC move on a single fake tweet shows how fragile market sentiment was in Jan 2024. the real story is how easily it could happen again
$1K BTC move on the fake tweet from the May 16, 2025 sentencing case exposed SIM swap risks.
DeFi TVL recovery shows the fundamentals are stronger than ever
14 months for moving the entire BTC market with one fake tweet. you get more time for selling weed in some states. the incentives here are completely backwards
SIM swap to hack the SEC twitter and move btc $1000 in minutes. guy got 14 months. the ROI on that crime vs punishment is insane
14 months for moving the entire BTC market with a fake SEC tweet. the sentencing disparity for crypto related crimes vs traditional fraud is wild
null_pointer 14 months for moving the entire btc market with a fake tweet. compare that to what they gave Ross Ulbricht. the sentencing logic in this country is broken
compare 14 months for council to what Ulbricht got. the sentencing logic in this country makes absolutely zero sense for crypto related cases
Davies O. the Ulbricht comparison is valid but different crimes different statutes. the real issue is that social engineering carries lighter sentences than code exploits because courts understand code better than manipulation
SIM swapping remains the single most effective attack vector against crypto holders. carriers still havent fixed the port out vulnerability properly
Gunther F. carriers still treat port-out requests like its 2010. att and verizon both got sued over this and nothing changed. the SIM swap playbook is identical to what it was 5 years ago
SIM swap sentencing of 14 months after SEC X hack at $103K Bitcoin shows carrier vulnerabilities.
Coinbase’s $300M Series E at $8B valuation in October 2018 came when Bitcoin was $6,317.