One day before the US Securities and Exchange Commission (SEC) approved the first Bitcoin spot ETFs in the USA, unknown persons gained access to the authority’s X account and published a post that falsely announced the approval of said ETFs. The SEC has now figured out how this could have happened.
• SEC’s X account is hacked
• Approval of Bitcoin ETFs announced by unknown persons
• SIM swapping made hack possible
The fact that the SEC is allowing Bitcoin spot ETFs has caused quite a stir in the crypto market and beyond. But two days before the announcement by the US Securities and Exchange Commission, there was a lot of excitement surrounding two posts that were made by the SEC’s public X account.
Unknown people publish “fake” posts
The first published post announced that the SEC had given the green light to Bitcoin spot ETFs. A second post, published shortly afterwards, simply said “$BTC.”, according to a statement from the authority. Shortly afterwards, the unknown people deleted the second X post, but kept the first one. In addition, two posts from non-SEC accounts were liked.
Shortly afterwards, the authority initially informed the public via SEC boss Gary Gensler’s official X account that the SEC’s X account had been hacked and that the post about the approval of Bitcoin ETFs was false. The false post was then deleted, and the SEC account itself was used to inform the public about the false post again.
Bitcoin temporarily reacts with hefty gains
Nevertheless, the false reports led to a temporary jump in the price of Bitcoin and other cryptocurrencies. The BTC price temporarily exceeded the $47,900 mark before giving back its gains.
“SIM swapping” cause of the hack
Even though the investigation into the hack is ongoing, the SEC has now discovered how the attack by unknown persons could have occurred, according to its statement. The securities regulator fell victim to so-called “SIM swapping”. In this attack, the hackers gained control of the phone number that was linked to the SEC’s X account. Once fraudsters gain control of a phone number, they can associate a new device with it. In this way, according to Reuters, it was possible to reset the SEC account’s X password and ultimately gain control of the account.
Weak security settings
The SEC was criticized for having disabled two-factor authentication for its X account at the time of the hack. A US Congressional panel wrote a letter to the SEC: “This failure is unacceptable and it is appalling that your agency is not even meeting its own standards that it sets for the private sector,” as quoted by Reuters.
The SEC has since reinstated multi-factor authentication for all social media platforms on which the agency has a presence. The incident continues to be investigated, not only by the SEC itself, but by other authorities, including the US Department of Justice and the FBI. The SEC’s statement says there is “currently no indication” that “the unknown persons had access to the SEC systems, data, devices or other social media accounts.”
It remains to be seen whether the hack will have other consequences or whether the culprits will be caught.
Editorial team finanzen.net