SEC Says Multi-Factor Authentication Was Disabled For Its X Account Until After Fake Spot Bitcoin ETF Approval Post

Updated: 23 January 2024

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

The U.S. Securities and Exchange Commission (SEC) said on Monday that multi-factor authentication (MFA) had been disabled in the run-up to a fake post that announced spot Bitcoin ETF (exchange-traded funds) products were approved.

“While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account,” the regulator said in a Jan. 22 statement.

It added that MFA “remained disabled” once access was re-established and was only activated again after the account was compromised on Jan. 9.

X Shifts The Blame For The Hack

X quickly shifted the blame for the hack in a Jan. 9 post. The platform said the SEC’s account was compromised after someone was able to obtain control over a phone number associated with the account. In its statement, the SEC corroborated this statement and said it fell victim to an apparent “SIM swap” attack.

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

A spokesperson for the agency said access to the phone number occurred via the telecom carrier. “SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts,” the spokesperson added

SEC Criticized By The Crypto Community

The regulator’s account was hacked at around 21:00 UTC on Jan. 9. The unauthorized third party then published a post claiming that the SEC had approved spot Bitcoin ETFs in the U.S. This sent the crypto market into a frenzy as Bitcoin’s price surged to above $47K.

The crypto market leader’s price pulled back soon after, when SEC Chair Gary Gensler denied the news.

The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.

— Gary Gensler (@GaryGensler) January 9, 2024

Following the hack, the SEC received a barrage of criticism. Ripple CEO Brad Garlinghouse said that the SEC should be under investigation.

Gemini co-founder Cameron Winklevoss said the event demonstrated that what the financial regulator does best is “manipulating markets and hurting US investors.”