The US Securities and Exchange Commission (SEC) has revealed that its social media account on X fell victim to a “SIM swapping” attack in relation to the false post about the approval of Bitcoin exchange-traded funds (ETFs) earlier this month.
The incident, which occurred on January 9, led to a temporary surge in the price of Bitcoin, followed by a price crash after SEC Chair Gary Gensler said on his personal X account that the SEC’s X account had been “compromised.”
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
In a statement published on Monday this week, the SEC said that six months before the attack, an additional layer of protection known as multi-factor authentication (MFA) had been removed by staff and was only reinstated after the January 9 attack.
The fraudulent post was followed by a vote by the commission the next day, which ultimately resulted in the approval of all spot Bitcoin ETF applications.
SIM swapping involves attackers gaining control of a phone number by having it reassigned to a new device.
Once in control of the phone number, the unauthorized party reset the password for the @SECGov account, the statement said.
The new statement from the regulator confirms key details shared by X Safety already the day after the incident.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
Accordin