SEC blames ‘SIM swap’ attack for hacked X account prior to official Bitcoin ETF approval

    2024.01.23 | exchangesranking | 119onlookers

    The United States Securities and Exchange Commission has confirmed it fell victim to a “SIM swap” attack, leading to the false X post on Jan. 9 stating that spot Bitcoin (BTC) exchange-traded funds (ETFs) had been approved.

    “Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” an SEC spokesperson said on Jan. 22.

    “Once in control of the phone number, the unauthorized party reset the password for the @SECGov account,” the SEC spokesperson added.

    The SEC said law enforcement is investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the SEC’s X account.

    The SEC also revealed that six months prior to the attack, a staff member removed multifactor authentication as an additional layer of protection due to issues accessing the account. The security measure was not restored until after the Jan. 9 attack.

    The SEC said it hadn’t found any evidence suggesting the unauthorized party gained access to other SEC systems, data or social media accounts.

    Related: Fake spot Bitcoin ETF tweet ‘likely wasn’t the SEC,’ says Blockchain Association director

    The false post announcing the approval of spot Bitcoin ETFs from the SEC's X account. Source: X

    SIM swapping is a technique in which attackers gain control of a telephone number by having it reassigned to a new device.

    The SEC officially approved several spot Bitcoin ETF applications the following day, Jan. 10, most of which began trading on Jan. 11.

    Magazine: Crypto regulation: Does SEC Chair Gary Gensler have the final say?

    The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other ssues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.