A man involved in the SEC X account hack has pleaded not guilty to charges surrounding a fake BTC ETF approval post.
A hacker from Athens, Alabama—Eric Council Jr.—has pleaded not guilty to charges brought against him for hacking into the US Securities and Exchange’s (SEC) X account to publish a fake post. That post, which went live on January 9, indicated that the regulator had approved spot Bitcoin exchange-traded funds (ETFs) in the country.
The post came as the crypto industry anticipated the SEC’s announcement, leading BTC’s price to spike immediately by about $1,000. SEC chair Gary Gensler shot down the news and the excitement stemming from it in an X post of his own. Nevertheless, the SEC approved spot BTC ETFs the following day.
Council Jr. appeared in the US District Court for the District of Columbia and entered a plea of not guilty before Judge Amy Berman Jackson. He was hit with one charge of conspiracy to commit aggravated identity theft and access device fraud. Prosecutors have said he was just one of the multiple members of a hacking group that indulged in publishing the fake post.
That post, which obviously got taken down, read, “Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges,” adding, “The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection.” It also contained an image of Gensler with a quote that he did not state.
Federal Bureau of Investigations (FBI) officials arrested Council Jr. on October 17. The prosecutors extended a plea deal to the accused, which he has denied. It is unclear if the authorities have arrest warrants out for other members of the hacking group.
The SEC Did Not Enable 2FA
The group took over the SEC’s account through a SIM swap attack that was possible due to the agency not having enabled two-factor authentication. X’s safety team confirmed it in a January 10 post. “Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.” It added, “We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”
