Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Eric Council Jr. faces a two-year prison sentence for his role in a SIM swap attack that compromised the Securities and Exchange Commission’s X account. Court filings reveal Council earned $50,000 performing similar attacks between January and June 2024. He advertised his services as a SIM swapping expert on Telegram under the username “easymunny,” charging $1,200-$1,500 per job.
Council’s methods involved creating fake identity documents to impersonate individuals with access to the SEC’s account. He then used these documents to deceive an AT&T employee, reassigning the victim’s phone number to his SIM card. This required providing the victim’s last four Social Security digits and driver’s license information. A new iPhone was purchased, the SIM card inserted, and access codes shared with co-conspirators.
On January 9th, 2024, a false announcement about a Bitcoin ETF approval was posted to the compromised SEC account, causing significant market fluctuations. Bitcoin’s price initially surged $1,000 before plummeting nearly $2,000, resulting in substantial financial losses. The post garnered over 1 million views before being identified as fraudulent.
Council’s activities came to an end on June 12th, 2024, when surveillance agents observed him attempting another SIM swap at an Apple store. A subsequent search warrant uncovered incriminating evidence, including fake ID templates and Telegram chats discussing SIM swaps with suspected overseas collaborators. Despite efforts to delete Telegram chats after two weeks, crucial conversations remained.
Council pleaded guilty on February 10th to Conspiracy to Commit Aggravated Identity Theft and Access Device Fraud. The incident highlighted the SEC’s lack of two-factor authentication on its X account at the time, contributing to the successful hack. While the SEC claimed 2FA was initially enabled, X Support allegedly removed it following a staff request. Council’s case serves as a stark reminder of the vulnerability of even major organizations to sophisticated SIM swap attacks.