SEC Confirms Hacking of X Account After “SIM Swap”
The SEC says the hacker who compromised its X account used a “SIM swap” attack. The unauthorized access saw the hacker publish a fake approval notice for spot Bitcoin ETFs. Investigations into the breach are ongoing, but the SEC said the 2FA feature was disabled at the time of the hack.
The US Securities and Exchange Commission (SEC) has confirmed that the hacking of the agency's X account and the “false certification” of the spot Bitcoin ETFs occurred after an apparent “SIM swap”.
According to the SEC report, the attacker used a mobile phone number linked to the agency's X account. The unauthorized party obtained the phone number through the telecom service provider used by the SEC, not through the regulator's own systems.
However, the SEC reported that at the time of the hack, two-factor authentication (2FA) for the social media account was disabled. In a press release, the SEC said 2FA had been disabled for the X account since July 2023.
“While multi-factor authentication (MFA) was previously enabled on the @SECGov X account, at the request of staff, it was disabled by X support in July 2023 due to problems accessing the account. Once access was re-established, MFA remained disabled until employees re-enabled it on January 9 after the account was compromised. MFA is currently enabled for all SEC social media accounts,” the SEC said in an update published Monday.
A multi-agency investigation is underway.
The unauthorized access to the SEC's X account on January 9, 2024 drew widespread criticism and condemnation, with observers calling for an investigation as they pointed to possible market manipulation. The false confirmation saw Bitcoin's price swing wildly – rising to $49k before paring all gains within minutes.
While the SEC officially approved Bitcoin ETFs on January 10 and trading began on January 11, an investigation involving various regulatory and law enforcement agencies is ongoing.
In a recent press release about the incident, the SEC said its staff continue to work closely with the FBI, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission (CFTC), the Department of Justice (DoJ), and the SEC's Division of Enforcement.