Share this article
Sign Up
- Back to menuPrices
- Back to menuResearch
- Back to menu
- Back to menu
- Back to menu
- Back to menu
- Back to menuWebinars
Hacker Seized SEC Phone Number to Post Fake Bitcoin ETF Approval, X Says
The revelation raises questions about the investments regulator's security protocols.
The Securities and Exchange Commission (SEC) did not employ basic security measures on its X (formerly Twitter) account when it was “compromised” to spread false bitcoin ETF news, according to the social media company.
Late Tuesday, X’s Safety team said it had completed its “preliminary investigation” into the SEC’s market-moving, false post on approval of bitcoin ETF applications, which the regulator blamed on its “compromised” account.
STORY CONTINUES BELOW
“The compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” X’s Safety account posted.
The explanation seemingly rules out an “inside job” or “fat finger” theory of the midday post. Bitcoin [BTC] price pumped on the post, but quickly crashed after SEC Chair Gary Gensler clarified that the post was phony.
The incident raises new questions about basic security measures being taken by the SEC, the most powerful investment regulator in the U.S. and one whose statements are closely watched and traded on. Gensler himself has previously encouraged investors to take their security seriously.
U.S. senators J.D. Vance and Thom Tillis have sent a letter to the SEC demanding an explanation of its lapse in cybersecurity.
“It is unacceptable that the agency entrusted with regulating the epicenter of the world’s capital markets would make such a colossal error,” they wrote.
This is a reminder to secure your financial accounts as well as protect against identity theft and fraud.
— Gary Gensler (@GaryGensler) October 24, 2023
Remember to:
🔒Use strong passphrases or passwords
🔒Set up multifactor authentication
🔒Keep account alerts turned on#CybersecurityAwarenessMonthhttps://t.co/qitGkujLxD
“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security,” X posted.
For full coverage of bitcoin ETFs, click here.
An SEC spokesperson did not immediately return a request for comment on the statement.
“turns out the sec was worried about the wrong security” pic.twitter.com/NAComcTcSH
— twicrates 5’8.375 (@twicrates) January 9, 2024
UPDATE (Jan. 10, 05:54 UTC): Adds details on the response letter sent to SEC by U.S. lawmakers.
Danny Nelson
Danny was CoinDesk's managing editor for Data & Tokens. He formerly ran investigations for the Tufts Daily. At CoinDesk, his beats include (but are not limited to): federal policy, regulation, securities law, exchanges, the Solana ecosystem, smart money doing dumb things, dumb money doing smart things and tungsten cubes. He owns BTC, ETH and SOL tokens, as well as the LinksDAO NFT.
More For You
Crypto Industry Asks President Trump to Stop JPMorgan’s 'Punitive Tax' on Data Access
A coalition of fintech and crypto trade groups is urging the White House to defend open banking and stop JPMorgan from charging fees to access customer data.
What to know:
- Ten major fintech and crypto trade associations have urged President Trump to stop big banks from imposing fees that could hinder innovation and competition.
- JPMorgan's plan to charge for access to consumer banking data may debank millions and threaten the adoption of stablecoins and self-custody wallets.
- The CFPB's open banking rule, which mandates free consumer access to bank data, is under threat as banks have sued to block it, and the CFPB has requested its vacatur.
