In response to the breach, SEC Chair Gary Gensler swiftly clarified that the commission had not approved the listing and trading of spot Bitcoin ETFs.
In a surprising turn of events, the safety team at X disclosed that the recent compromise on the US Securities and Exchange Commission’s (SEC) official account @SECGov was due to the absence of two-factor authentication (2FA).
This lapse in security allowed a hacker to compromise the official SEC X account, leading to a false announcement of the approval of a spot Bitcoin Exchange-Traded Fund (ETF) and causing temporary turmoil in the crypto markets.
Details on X Safety Team’s Investigation
The security team at X stated in a post that it conducted a preliminary investigation and confirmed that the breach was not a result of any compromise within X’s systems. Instead, the attacker employed a SIM swap hack, a form of identity theft where the hacker takes control of the victim’s phone number, providing access to various accounts, including social media, banking, and cryptocurrency.
In this instance, the hacker likely persuaded a third-party telecommunications provider to relinquish control of the phone number linked to the SEC’s account. With this control, coupled with knowledge of the correct email address associated with the account, the hacker could reset the SEC’s official account password and gain unauthorized access.
The consequences of this security breach were significant, as a false approval of a spot Bitcoin ETF by the SEC’s official account on X triggered a spike in the price of Bitcoin to approximately $47,900, only to drop to around $46,100 shortly afterward.
In response to the breach, SEC Chair Gary Gensler swiftly clarified that the commission had not approved the listing and trading of spot Bitcoin ETFs. The unauthorized access was terminated, and the SEC pledged to collaborate with law enforcement and government partners to investigate the incident.
Political Response and Calls for Transparency
However, the aftermath saw a barrage of criticism and calls for accountability from various quarters. US Senators J.D. Vance and Thom Tillis penned a letter to Gensler, expressing concerns over the SEC’s operational security and demanding an explanation within four days.
The letter emphasized the potential threat to investor protection posed by the breach and called for transparency in the investigation process.
Several other members of Congress joined in, pushing for transparency and conducting official inquiries into the situation. US Senator Bill Hagerty emphasized the need for accountability, drawing parallels between the SEC’s response and the scrutiny public companies would face under similar circumstances.
X’s owner and Tesla Inc (NASDAQ: TSLA) CEO Elon Musk seized the opportunity to refute earlier claims that the SEC hack resulted from X’s internal systems being breached. Musk highlighted the media’s tendency to jump to conclusions, stating that “that’s how legacy media runs”.
Overall, the SEC’s X hack serves as a crucial reminder of the critical need for robust cybersecurity measures, especially for entities entrusted with market oversight. The incident not only exposed the SEC’s susceptibility to social engineering attacks but also raised questions about its internal cybersecurity protocols.