The agency governing financial matters in the United States admits that its social media account on X (formerly Twitter) was hacked and used to make a false declaration about an approval eagerly awaited by the crypto industry.

The Securities and Exchange Commission (SEC) on Tuesday confirmed that the “@SECGov X account was compromised, and an unauthorised post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”

The SEC account had been compromised briefly by an unknown party after about 4pm Eastern time (21:00 GMT) and posted that it had approved the long-awaited bitcoin exchange-traded funds (ETF), Reuters reported.

Hacked account

The unauthorised post claimed that the SEC had granted approval for bitcoin ETFs on all registered national securities exchanges and included a picture purporting to quote SEC Chair Gary Gensler.

The price of bitcoin rose after the post.

The fake post came as the SEC had been widely expected to approve a batch of ETFs that track the price of bitcoin, which would have been a pivotal development for the crypto industry.

The “unauthorised access has been terminated,” the US financial agency reportedly said, and added that it would work with law enforcement to investigate the hack and ‘related conduct.’

Elon Musk’s X also confirmed that the SEC’s account (and not Twitter’s systems) had been compromised after the hacker apparently obtained control of a phone number associated with the agency’s account through a third party.

“We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation,” it said. “Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

And in an unbelievable security lapse, it seems that the SEC had not switched on two-factor authentication for the account.

“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised,” X confirmed.

Serious consequences

The compromise of the official social media account of the US financial regulator was noted by Jake Moore, global cybersecurity advisor at ESET, who predicted that there would be serious consequences from the hack.

“This proves that accounts on X continue to be targeted and if an official account is compromised then serious consequences can follow,” said Moore. “Cryptocurrency scams remain the focal point and with social pressure on X, they can still reap huge gains.”

“Legitimate third party access compromise or targeted social engineering are still the most common ways to obtain access to an account which leaves the security onus very much on individuals,” said Moore. “Therefore, even more significance should be directed at training staff and account owners especially when dealing with high profile accounts.”

Tom Jowitt
