X Security Group on Fake Bitcoin ETF Post




The X Security Group has revealed to the United States Securities and Exchange Commission that two-factor authentication (2FA) was not enabled on the original X account, which allowed a hacker to access the account.

The embarrassing revelation for the SEC follows a security breach that rocked the crypto markets today with the fake certification of the SEC's publicly traded Bitcoin ETF on social media platforms.

In a Jan. 10 post, the SEC wrote that the hack of X's safety page was caused by an unidentified actor taking control of the phone number associated with the account and using that to access the SEC's official X page. This is commonly known as SIM swap hacking.

“Based on our investigation, the compromise was not caused by any breach of X's systems, but by a third party monitoring the phone number associated with the @SECGov account by an unidentified individual,” wrote XSafety.


“We can also verify that the account did not have two-factor authentication when the account was compromised.”

SIM swap hacking is a form of identity theft in which an attacker takes over a victim's phone number, allowing them to access social media, banking and crypto accounts.

In this case, the hacker may have convinced a third-party telecommunications service provider to monitor the phone number associated with the SEC account. If the hacker knows the correct email address used to log into the account, they can use the phone number to reset the password and gain access to the SEC official account.

Blockchain sleuth ZachXBT took the opportunity to comment on SEC Chairman Gary Gensler's previous advice on social media security with a humorous comment in response to the original X Safety post.

U.S. Senators J.D. Vance and Thom Tillis wrote to Gensler today, challenging the agency's ongoing security breach and demanding an explanation for the action within the next four days.

“These changes raise concerns about the Commission's internal cybersecurity practices and are inconsistent with the Commission's three-pronged mission to protect investors,” the letter stated.

Vance and Tillis' letter joins a growing list of calls for transparency, with several members of Congress calling for an official investigation into the matter. U.S. Senator Bill Hagerty challenged the SEC on its own turf and said the agency would naturally demand an investigation if the breach was caused by an actor on the other side of the fence.

“Just as the SEC would demand accountability from a public company if it made a major market-matching mistake like this, Congress needs answers to what happened right now. This is unacceptable.”


U.S. Senator Cynthia Lummis has added her voice to the fray, calling for transparency into “fraudulent ads.”

X owner and Tesla CEO Elon Musk also took the opportunity to respond to claims made earlier on CNBC that the SEC hack was a breach of X's own internal systems.

“That's how legacy media goes,” Musk said. He previously pointed out that the SEC's password is “LFGDogeToTheMoon.”
