On January 9, 2024, the US Securities and Exchange Commission (SEC) confirmed that the hack on their X account and the subsequent false approval of spot Bitcoin ETFs was a result of a “SIM swap” attack. This unauthorized access was made possible through a cell phone number linked to the SEC’s X account, which was accessed through a telecom carrier the agency uses.
Investigations into the breach are ongoing, but the SEC has stated that at the time of the hack, their two-factor authentication (2FA) feature was disabled. This was due to issues accessing the account, and it was not re-enabled until after the compromise occurred on January 9. The SEC has since re-enabled 2FA for all of its social media accounts.
The incident, which drew widespread criticism and calls for investigation, is being looked into by various regulatory and law enforcement agencies such as the FBI, Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, and the Department of Justice. The SEC’s own Division of Enforcement is also involved in the investigation.
While the SEC officially approved spot Bitcoin ETFs on January 10 and trading began on January 11, the false approval caused a sharp swing in Bitcoin’s price, reaching highs of $49k before plummeting back down. The SEC has stated that it continues to cooperate with the investigation and is working to prevent similar incidents from happening in the future.
The article also includes a statement from the SEC regarding the disabling of 2FA and the current status of its social media accounts. The agency also provided an update on the ongoing investigation, as well as a section on sharing and categories.