SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post
The safety team at X (formerly Twitter) has revealed that the United States Securities and Exchange Commission (SEC) did not have two-factor authentication (2FA) enabled on its main X account, allowing a hacker to gain access to it.
The embarrassing revelation for the SEC follows a security breach that rocked crypto markets today with a false approval of a spot Bitcoin (BTC) exchange-traded fund (ETF) from the SEC’s official account on the social media platform.
In a Jan. 10 post, X’s safety page wrote that the SEC hack occurred because an unidentified actor gained control of the phone number associated with the account and used that to gain access to SEC’s official X page. This is more commonly known as a SIM swap hack.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” wrote the X safety team.
“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”
A SIM swap hack is a form of identity theft where an attacker takes over a victim’s phone number, allowing them to access social media, bank and crypto accounts.
In this case, the hacker is likely to have convinced a third-party telecommunications provider to hand over control of the phone number tied to the SEC’s account. If the hacker also knew the correct email address used to sign into the account, they could use the phone number to reset the SEC’s official account password and gain access.
Blockchain sleuth ZachXBT took the opportunity to repackage SEC Chair Gary Gensler’s own previous advice on social media security in a humorous comment made in response to the original X safety post.
Hi @GaryGensler this is a reminder to secure your financial accounts as well as protect against identity theft and fraud.
Remember to:
Use strong passphrases or passwords
Set up multifactor authentication
Keep account alerts turned on #CybersecurityAwarenessMonth pic.twitter.com/KBNOV3KhAJ
— ZachXBT (@zachxbt) January 10, 2024
United States Senators J.D. Vance and Thom Tillis penned a letter to Gensler on Jan. 9, lashing the agency for its lack of operational security and asking for an explanation for the incident within the next four days.
“These developments raise serious concerns regarding the Commission’s internal cybersecurity procedures and are antithetical to the Commission’s tripart mission to protect investors,” the letter read.
BREAKING: Senators @JDVance1 @SenThomTillis Demand Explanation For The SEC's Errant Announcement Of The Approval Of Spot-Bitcoin ETFs
"It is unacceptable that the agency entrusted with regulating the epicenter of the world’s capital markets would make such a colossal error." pic.twitter.com/xG77jM9xAM
— Senator Vance Press Office (@SenVancePress) January 10, 2024
Vance and Tillis' letter joined a growing roster of calls for transparency on the matter, with several members of Congress also demanding an official investigation into the incident. U.S. Senator Bill Hagerty called the SEC on its own turf, saying that if this mishap had been caused by an actor on the other side of the fence, the agency would naturally call for an investigation.
“Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened. This is unacceptable.”
U.S. Senator Cynthia Lummis added her voice to the fray, demanding transparency into “fraudulent announcements.”
X’s owner and Tesla CEO Elon Musk also took the opportunity to push back on an earlier claim made on CNBC that the SEC hack resulted from X’s own internal systems being breached.
That’s how the legacy media runs
— Elon Musk (@elonmusk) January 10, 2024
“That’s how legacy media runs,” said Musk. Earlier, he suggested that the SEC password was “LFGDogeToTheMoon.”