X Confirms SEC Hack Before Bitcoin ETF Approval

TL;DR

• According to the X safety team, the fake post that claimed Bitcoin ETF approval on SEC’s X account resulted from a SIM Swap.
• The SEC’s X account was compromised since it neglected the basic rule of online security.

SEC’s X Account Didn’t Enable the Two-Factor Authentification

The US securities regulator’s primary X account was hacked on January 9, 2024, as the social media site confirmed.

The safety team at X reveals the SEC didn’t enable the two-factor authentication (2FA) on its X account. This made it easy for a hacker to access their account.

The hacker posted a fake message indicating that the SEC had approved ETFs for Bitcoin. A move that the crypto industry has been eagerly waiting for.

The news temporarily threw the crypto sphere into an uproar. However, the Securities and Exchange Commission (SEC) has not approved any spot Bitcoin ETFs.

The X’s safety page added that the hack happened because the hacker gained control of the phone number related to the account.

With that information, the unidentified actor was able to access the official page of the US securities regulator.

The hack is commonly known as a SIM Swap—a form of identity theft where hackers take over a victim’s phone number. Thus allowing them to access bank, social media, and crypto accounts.

The attacker had to convince a third-party telecommunications provider to hand over control of the phone number of the SEC’s account.

In addition, the hacker must have known SEC’s correct email address used to sign into X account.

The attacker used the phone number to reset SEC’s password for its official X account, thereby gaining access.

Senators Calls for Transparency on the Hacking

On January 9, 2024, US Senators Thom Tillis and J.D Vance wrote a letter to the SEC Chair. Scolding the agency for its lack of operational security.

The letter also asked the agency to explain why this incident happened in the next four days.

These developments raise serious concerns regarding the Commission’s internal Cybersecurity procedure and are antithetical to the Commission’s tripart mission to protect investors.

Part of the letter stated.

The Tillis and Vance letter joins a list of growing calls for transparency. More Congress members are also demanding an official investigation into the hacking incident.

US Senator Bill Hagerty is calling for the SEC to be more accountable. He reiterated that the agency would have called for an investigation if this mishap happened in a public company.

In addition, Cynthia Lummis had some things to say on the matter. She demands transparency into the fake announcements.

Elon Musk, X’s owner, took the opportunity to refute claims that the SEC hack was due to an internal breach in X’s systems.

Fake Announcement Sent Bitcoin on a Wild Ride

The SEC hacking temporarily turned the Web3 community into a frenzy. This was after a post falsely claiming the SEC had approved Bitcoin ETFs, which the crypto sphere has been obsessed with.

It briefly made Bitcoin go wild, spiking to almost $48,000. But it quickly fell back below $46,000 when it became apparent that the news was fake.

The price dropped by $3.15% after the SEC deleted the fake post. Some analysts expected Bitcoin (BTC) to fall after ETF approval, after surging for various months on greenlight expectations. 

Additionally, the SEC hacking throws cold water on conspiracy theories that had started spreading in the crypto sphere.

Many believed that the SEC orchestrated the hacking episode for nefarious reasons—delaying the approval.

Especially now that the window for Bitcoin ETF approval for several applications like Grayscale is officially open.

But it turns out the SEC is just as bad at cybersecurity as the rest of us.

Will the SEC delay Bitcoin ETF’s approval due to hacking?