SEC’s X account hacked to post fake news of Bitcoin ETF approval

Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs (exchange-traded funds) on registered national security exchanges.

The fake announcement was posted on Tuesday, a little after 4 p.m. EST, and was removed less than 30 minutes after, but was picked up by news outlets that were waiting for a decision on the matter to be made by the US markets’ regulator.

As a consequence, the price of Bitcoin spiked for a short while, before tumbling again soon after.

SEC X account hijacked, “unauthorized tweet” posted

SEC’s decision on this particular matter is expected by Wednesday, which is why the fake announcement was taken at face value by many.

After the post was removed, both the SEC and SEC chairman Gary Gensler said (via their respective X accounts) that the account had been compromised and an unauthorized tweet had been posted. “The SEC has not approved the listing and trading of spot bitcoin exchange-traded products,” they added.

Many X users have commented those posts by criticizing SEC’s inability to keep their account secure and some noted that it should be “held accountable for this market manipulation.”

The SEC did not comment further at that time. X’s Safety team confirmed today that SEC’s account was indeed compromised “due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

They also said that “the account did not have two-factor authentication enabled at the time the account was compromised.”

The hijacking of SEC’s X account comes after a slew of account breaches targeting prominent tech companies and security firms such as Netgear and Mandiant. Those compromised accounts had been made to promote bogus cryptocurrency sites and wallet drainer malware.

UPDATE (January 11, 2024, 04:10 a.m. ET):

Gensler has announced later on Wednesday that the SEC approved the listing and trading of a number of spot bitcoin exchange-traded product (ETP) shares, but that they did not approve or endorse bitcoin.

“Investors should remain cautious about the myriad risks associated with bitcoin and products whose value is tied to crypto,” he added.

UPDATE (January 23, 2024, 07:15 a.m. ET):

“Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” the SEC shared on Monday.

“Once in control of the phone number, the unauthorized party reset the password for the @SECGov account. Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account.”

The SEC also explained how it came to be that the account wasn’t protection by multi-factor authentication.

“While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.”

Finally, the Commission said that “SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.”