Hacker Seized SEC Phone Number to Post Fake Bitcoin ETF Approval, X Says

The Securities and Exchange Commission (SEC) did not employ basic security measures on its X (formerly Twitter) account when it was "compromised" to spread false bitcoin ETF news, according to the social media company.

Late Tuesday, X's Safety team said it had completed its "preliminary investigation" into the SEC's market-moving, false post on approval of bitcoin ETF applications, which the regulator blamed on its "compromised" account.

"The compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party," X's Safety account posted.

The explanation seemingly rules out an "inside job" or "fat finger" theory of the midday post, which pumped the price of bitcoin and then crashed it before SEC Chair Gary Gensler announced the post was phony.

But it raises new questions about basic security measures being taken by the SEC, the most powerful investment regulator in the U.S. and one whose statements are closely watched, and traded on. Gensler himself has previously encouraged investors to take their security seriously.

This is a reminder to secure your financial accounts as well as protect against identity theft and fraud.

Remember to:
🔒Use strong passphrases or passwords
🔒Set up multifactor authentication
🔒Keep account alerts turned on#CybersecurityAwarenessMonthhttps://t.co/qitGkujLxD

— Gary Gensler (@GaryGensler) October 24, 2023

"We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security," X posted.

An SEC spokesperson did not immediately return a request for comment on the statement.

“turns out the sec was worried about the wrong security” pic.twitter.com/NAComcTcSH

— twicrates 5’8.375 (@twicrates) January 9, 2024