
US Securities and Exchange Commission Probes X Account Hack

Value of Bitcoin Rocketed Following Fake Post Claiming Spot Bitcoin ETFs Approved

The U.S. Securities and Exchange Commission said it's probing the "compromise" of one of its social media accounts after a hacker used it to boost fake cryptocurrency news.


The post via the official @SECgov account on X - formerly known as Twitter - around 4:00 p.m. Tuesday stated that the regulator "grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges." An ETF - short for exchange-traded fund - is a publicly traded investment fund that allows investors to bet on the performance of different assets without having to own such assets.

The fake post also featured a photo of Gary Gensler, chair of the SEC, next to a fake statement attributed to him that read: "Today's approval enhances market transparency and provides investors with efficient access to digital asset investments within a regulated framework."

Many cryptocurrency watchers expect the SEC to approve spot bitcoin ETFs as soon as Wednesday.

Fifteen minutes after the fake post appeared, Gensler posted to his personal X account: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products."

The @SECGov account also quickly posted the same message, presumably after someone at the agency regained control.

"The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 p.m. ET," an SEC spokesperson later said in a statement, adding that the hacker's access "has been terminated."

The value of bitcoin temporarily surged to nearly $48,000 after the fake news post before falling back to $45,500.

The X social network launched its own investigation. "We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation," X's safety team reported late Tuesday. "Based on our investigation, the compromise was not due to any breach of X's systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party."

Obtaining control of an individual's phone number typically points to a SIM swapping attack. Such attacks have repeatedly been used to take control of high-profile Twitter or X accounts and post messages tied to cryptocurrency scams, as well as to gain access to and drain cryptocurrency accounts.

At the time the SEC's account was compromised, X reported that two-factor authentication wasn't enabled. Whether or not the attacker might have disabled it isn't clear; Twitter still offers it via text message for some accounts. "We encourage all users to enable this extra layer of security," the social network said.

The SEC has a Wednesday deadline to rule on whether it will permit spot trading of bitcoin ETFs in response to registration notices filed by Ark Investments and 21Shares. Up to 13 other applications to launch a spot bitcoin ETF have also been filed with the SEC, including by BlackRock, Fidelity and VanEck.

The agency has yet to approve any spot bitcoin ETFs for listing on U.S. exchanges - and commissioners could possibly delay a final decision.

The hijacking of the SEC's X account followed Gensler on Monday cautioning anyone thinking of investing in "crypto assets." Crypto investments or services might not comply with U.S. law or provide protection to investors, and they are "exceptionally risky and are often volatile," as many underlying platforms have gone out of business.

Also, "fraudsters continue to exploit the rising popularity of crypto assets to lure retail investors into scams," Gensler said. "These investments continue to be replete with fraud - bogus coin offerings, Ponzi and pyramid schemes and outright theft where a project promoter disappears with investors' money."


About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



