SEC Blames ‘SIM Swap’ Attack for Hacked X Account Before Official Bitcoin ETF Approval
The United States Securities and Exchange Commission has confirmed that it fell victim to a “SIM swap” attack, which led to a fake X post on January 9 claiming approval of Bitcoin (BTC) exchange-traded funds (ETFs).
“Two days after the incident, in consultation with the SEC's telecom provider, the SEC determined that an unauthorized party had taken control of the SEC's mobile phone number associated with the account in an apparent ‘SIM swap’ attack.”
“Once the phone number is controlled, the unauthorized party resets the password for the @SECGov account,” the SEC spokesperson added.
The SEC said law enforcement is investigating how the unauthorized party got the carrier to switch SIMs for the account and how the party knew which phone number was linked to the SEC X account.
The SEC had also removed multi-factor authentication, an additional layer of protection, six months before the attack because of issues an employee had accessing the account. After the January 9 attack, the security measures were not restored.
The SEC said it found no evidence to suggest that the unauthorized party had access to other SEC systems, data or social media accounts.
SIM swapping is a technique in which attackers take control of a phone number by assigning it to a new device.
The SEC officially approved several spot Bitcoin ETF applications the following day, January 10, most of which began trading on January 11.