SIM Swap Hack Compromises SEC Twitter Account, Leads to False Bitcoin ETF Announcement
Crypto News – In a surprising turn of events, the X safety team (formerly known as Twitter’s safety team) has disclosed that the U.S. Securities and Exchange Commission’s (SEC) recent announcement of a Bitcoin ETF approval was not genuine, but rather the result of a SIM swap attack. This alarming revelation came after a preliminary investigation by the team.
The incident, which sent shockwaves through the cryptocurrency markets, was attributed to the lack of two-factor authentication (2FA) on the SEC’s main account on X, a vulnerability that the hacker exploited to gain unauthorized access.
On January 10th, X’s safety page released a statement explaining that the security breach stemmed from an unidentified individual gaining control of the phone number linked to the @SECGov account. This method, known as a SIM swap hack, involves manipulating a telecommunications provider to reassign the victim’s phone number to a new SIM card, effectively granting the hacker access to the victim’s digital accounts.
The X safety team emphasized that their systems were not compromised; instead, the breach occurred due to the third-party interception of the phone number. The absence of two-factor authentication on the SEC’s account at the time of the attack compounded the issue.
SIM swap hacks are a sophisticated form of identity theft, allowing attackers to bypass security measures of various accounts, including social media, banking, and cryptocurrency services. In this scenario, the hacker likely persuaded a third-party telecom provider to transfer control of the phone number associated with the SEC’s account. With knowledge of the associated email address, the hacker could reset the account’s password and access the SEC’s official X page.
The incident prompted a witty response from blockchain detective ZachXBT, who humorously repackaged SEC Chair Gary Gensler’s previous advice on social media security.
U.S. Senators J.D. Vance and Thom Tillis addressed a letter to Gensler on January 9th, criticizing the SEC for its inadequate security measures and demanding a detailed explanation of the breach within four days.
The senators expressed deep concern over the SEC’s internal cybersecurity protocols, highlighting the contradiction between this incident and the Commission’s mission to protect investors. They joined a chorus of calls from Congress members for greater transparency and an official investigation into the matter.
Senator Bill Hagerty argued that if a similar error had been committed by a private entity, the SEC would have undoubtedly called for an investigation. Echoing this sentiment, Senator Cynthia Lummis demanded clarity on such “fraudulent announcements.”
CNBC says "X was hacked", this is not a true statement.
— Christopher Stanley (@cstanley) January 10, 2024
Elon Musk, the owner of X and CEO of Tesla, also weighed in on the situation. He refuted claims made on CNBC that the hack was a result of a breach in X’s internal systems. Musk, known for his candid remarks, also humorously suggested that the SEC’s password might have been “LFGDogeToTheMoon,” showcasing his characteristic blend of humor and critique of traditional media narratives.