X Security Group on Fake Bitcoin ETF Post
The X Security Group has revealed that two-factor authentication (2FA) was not enabled on the United States Securities and Exchange Commission's official X account, which allowed a hacker to access the account.
The revelation, embarrassing for the SEC, follows a security breach that rocked the crypto markets today when a fake post on social media announced that the SEC had approved a Bitcoin ETF.
In a Jan. 10 post, X's Safety account wrote that the hack was caused by an unidentified actor taking control of the phone number associated with the account and using it to access the SEC's official X page. This technique is commonly known as SIM swapping.
@SECGov We can confirm that the account was hacked and we have completed an initial investigation. According to our investigation, the compromise was not caused by a breach of X's systems, but by an unidentified individual gaining control of the phone number…
— Safety (@Safety) January 10, 2024
“Based on our investigation, the compromise was not caused by any breach of X's systems, but by a third party monitoring the phone number associated with the @SECGov account by an unidentified individual,” wrote X Safety.
“We can also verify that the account did not have two-factor authentication when the account was compromised.”
SIM swapping is a form of identity theft in which an attacker takes over a victim's phone number, allowing them to access the victim's social media, banking and crypto accounts.
In this case, the hacker may have convinced a third-party telecommunications service provider to transfer control of the phone number associated with the SEC account. If the hacker also knows the email address used to log into the account, they can use the phone number to reset the password and gain access to the SEC's official account.
Blockchain sleuth ZachXBT took the opportunity to poke fun at SEC Chairman Gary Gensler's previous advice on social media security in a reply to the original X Safety post.
Hi @GaryGensler This is a reminder to protect financial accounts and protect against identity theft and fraud.
Remember: Use strong passphrases or passwords Set up multi-factor authentication Keep account alerts #CybersecurityAwarenessMonth pic.twitter.com/KBNOV3KhAJ
— ZachXBT (@zachxbt) January 10, 2024
U.S. Senators J.D. Vance and Thom Tillis wrote to Gensler today, challenging the agency over the security breach and demanding an explanation within the next four days.
“These changes raise concerns about the Commission's internal cybersecurity practices and are inconsistent with the Commission's three-pronged mission to protect investors,” the letter read.
BREAKING: Senators @JDVance1 and @SenThomTillis seek clarification on SEC error in Spot-Bitcoin ETFs approval notice
“It is unacceptable that an agency tasked with overseeing the world's capital markets should make such a big mistake.” pic.twitter.com/xG77jM9xAM
— Senator Vance Press Office (@SenVancePress) January 10, 2024
Vance and Tillis' letter joins a growing list of calls for transparency, with several members of Congress calling for an official investigation into the matter. U.S. Senator Bill Hagerty held the SEC to its own standards, saying the agency would naturally demand an investigation if the breach had been caused by an actor on the other side of the fence.
“Just as the SEC would demand accountability from a public company if it made a major market-matching mistake like this, Congress needs answers to what happened right now. This is unacceptable.”
U.S. Senator Cynthia Lummis has added her voice to the fray, calling for transparency into “fraudulent ads.”
X owner and Tesla CEO Elon Musk also took the opportunity to respond to claims made earlier on CNBC that the SEC hack was a breach of X's own internal systems.
That's how old media works.
— Elon Musk (@elonmusk) January 10, 2024
“That's how legacy media goes,” Musk said. He previously pointed out that the SEC's password is “LFGDogeToTheMoon.”