Crypto News: The Securities and Exchange Commission revealed on Monday that its X account experienced a security breach leading to a false post just prior to the official approval of spot bitcoin ETFs. Multi-factor authentication (MFA) for the @SECGov X account had been disabled in July 2023 at the staff’s request, following issues accessing the account, and was re-enabled only after the compromise on January 9.
SEC’s Security Oversight: Multi-Factor Authentication Disabled Ahead of False X Post on Bitcoin ETF Approval
X Support disabled MFA due to access problems, but it was not reactivated promptly after access was restored. The SEC confirmed that the compromise occurred when an unauthorized party gained control over a phone number associated with the account through a “SIM swap” attack, a technique that transfers a phone number to another device without authorization.
SEC Faces Scrutiny After Security Breach: Multi-Factor Authentication Disabled in Lead-up to Bitcoin ETF Approval
Criticism arose in Washington D.C. due to the SEC’s lack of MFA, prompting calls for an investigation. The agency clarified that the unauthorized access occurred via the telecom carrier and not SEC systems. The compromise allowed the intruder to reset the X account’s password.
Law enforcement is currently investigating how the unauthorized party convinced the carrier to change the SIM and how they knew the specific phone number linked to the account. The SEC is collaborating with the SEC’s Office of Inspector General, the FBI, the Commodity Futures Trading Commission, the Department of Justice, and other law enforcement entities in the ongoing investigation.