One day before the US Securities and Exchange Commission (SEC) approved the first Bitcoin spot ETFs in the USA, unknown persons gained access to the authorityās X account and posted a post that falsely announced the approval of said ETFs. The SEC has now figured out how this could have happened.
ā¢ SECās X account is hacked
ā¢ Approval of Bitcoin ETFs announced by unknown persons
ā¢ SIM swapping made hack possible
The fact that the SEC is allowing Bitcoin spot ETFs has caused quite a stir in the crypto market and beyond. But two days before the announcement by the US Securities and Exchange Commission, there was a lot of excitement surrounding two posts that were made by the SECās public X account.
Unknown people publish āfakeā posts
The first published post announced that the SEC had given the green light to Bitcoin spot ETFs. A second post, published shortly afterwards, simply said ā$BTC.ā, according to a statement from the authority. Shortly afterwards, the unknown people deleted the second X post, but kept the first one. In addition, two posts from non-SEC accounts were liked.
Shortly afterwards, the authority initially informed the public via SEC boss Gary Genslerās official X account that the SECās X account had been hacked and that the post about the approval of Bitcoin ETFs was false. The incorrect post was then deleted and the SEC account was informed about the incorrect post again.
Bitcoin temporarily reacts with hefty profits
Nevertheless, the false reports led to a temporary jump in the price of Bitcoin and other cryptocurrencies. The BTC price temporarily exceeded the $47,900 mark before giving back its gains.
āSIM-Swappingā cause of the hack
Even though the investigation into the hack is ongoing, the SEC has now discovered how the attack by unknown persons could have occurred, according to its statement. The stock exchange supervisory authority fell victim to so-called āSIM swappingā. In doing so, the hackers gained control of the telephone connection that was linked to the SECās X account. Once fraudsters gain control of the phone, they can add a new device to the phone number. In this way, according to Reuters, it was possible to reset the SEC accountās X password and ultimately gain control of the account.
Weak security settings
The SEC was criticized for having disabled two-factor authentication for its X account at the time of the hack. A US Congressional panel wrote a letter to the SEC: āThis failure is unacceptable and it is appalling that your agency is not even meeting its own standards that it sets for the private sector,ā as quoted by Reuters .
The SEC has since reinstated multi-factor authentication for all social media platforms on which the agency has a presence. The incident continues to be investigated, not only by the SEC itself, but by other authorities, including the US Department of Justice and the FBI. The SECās statement says there is ācurrently no indicationā that āthe unknown persons had access to the SEC systems, data, devices or other social media accounts.ā
It remains to be seen whether the hack will have other consequences or whether the culprits will be caught.
Editorial team finanzen.at
Bildquelle: GeniusKp / Shutterstock.com,Steve Heap / Shutterstock.com,Lightboxx / Shutterstock.com,Godlikeart / Shutterstock.com