- A hacker posted misleading information about spot bitcoin ETFs, causing market fluctuations. The false post remained live for 15 minutes before the SEC acknowledged the hack.
- The attack was a SIM swap, in which the hacker gained control of the phone number linked to the SEC’s X account. The SEC re-enabled MFA on all its social media accounts.
- The SEC is collaborating with the FBI, Homeland Security, and DOJ to track the attacker and understand how the phone number was compromised.

The SEC admitted its X account was hijacked in a SIM swap attack, leading to a fake post announcing Bitcoin ETF approval days before the real one. The incident exposes critical security flaws.
On January 9th, the SEC’s X account falsely declared Bitcoin ETFs greenlit, sending markets into a spin. Days later, the truth emerged: a hacker used a SIM swap attack to hijack the phone number linked to the account, reset the password, and post the bogus announcement.
Compounding the issue, the SEC revealed it had disabled multi-factor authentication (MFA) six months prior due to access problems. This crucial security layer remained inactive, leaving the account vulnerable.
“Law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM and how they knew which number was associated with the account,” confirmed the SEC.
Adding to the confusion, the SEC officially approved real Bitcoin ETFs a day after the hoax.
The SEC faces a crucial moment to regain trust and demonstrate its commitment to cybersecurity. The lessons learned from this SIM swap attack will undoubtedly shape future regulations and security protocols for both the Commission and financial institutions as a whole.