United States Securities and Exchange Commission Chair Gary Gensler has released a new statement responding to lawmakers in the House of Representatives regarding an unauthorized tweet about the spot Bitcoin ETF.
The response breaks down the sequence of events leading up to the Sim swap attack targeting the commission, which compromised its official Twitter account.
SEC Chair Responds To Lawmakers
In a letter sent on February 6 to Representatives Patrick McHenry, French Hill, Bill Huizenga, and Ann Wagner, SEC Chair Gensler seemed to confirm earlier reports that a hacker had gained access to the SEC’s official X account using a SIM swap attack. The attack allowed the attacker to use the account to falsely post that the SEC had approved spot Bitcoin ETFs for listing and trading, sending crypto markets into overdrive.
Gensler revealed that the hacker could make two separate posts using the account and also “liked” two posts before the commission could regain access and undo the hacker’s activity on the account.
“Based on information currently available, [SEC] staff believe that X terminated the unauthorized access to the account by 5:30 pm. [L]aw enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account.”
Gensler himself responded from his official account that the SEC’s account had been compromised. Since the hack, the SEC has enabled multi-factor authentication on all its social media accounts, according to a recent update.
“The @SECGov Twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”
Gensler added that the SEC was coordinating with several law enforcement agencies, including the Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency for an investigation into the developments. He added that he was also in touch with Justice Department officials, stating that the SEC took cybersecurity extremely seriously, inviting lawmakers to ask additional questions at their discretion.
According to the latest available reports, law enforcement agencies are still trying to determine how the attacker was able to change the SIM and how they knew which phone number was associated with the SEC account.
“At this time, SEC staff has not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.”
Two-Factor Authentication Was Not Enabled
The fake tweet from the account sent the crypto markets into a tizzy, as many were expecting the SEC to approve the spot Bitcoin ETFs. The SEC officially approved the ETFs on the following day, giving them the green light to be listed and traded on US exchanges. The security team at X confirmed following an investigation that the SEC had not enabled two-factor authentication for its account, which led to the security breach. The SEC later confirmed this in a statement released on January 22.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.