SEC Says SIM Swap Enabled Hacker to Access X Account

The SEC says hackers accessed its Twitter account via a SIM swap attack, with disabled multi-factor authentication allowing them to tweet fake bitcoin approval and cause crypto market swings.

Key Insights

  • The SEC said a SIM swap attack allowed hackers to gain access to its official Twitter account and post a fake bitcoin ETF approval tweet on Jan. 9.
  • Multi-factor authentication had been disabled on the account after access issues, leaving it vulnerable to the password reset by hackers.
  • Elon Musk and Twitter mocked the agency over the incident, though Twitter says its systems were not breached in the attack.

WASHINGTON – The U.S. Securities and Exchange Commission (SEC) revealed on Monday that a SIM swap attack led to the breach of its official X (formerly Twitter) account earlier this month.

On Jan. 9, an unauthorized party gained access to the @SECGov X handle and posted a fabricated message stating that the agency had approved the first spot bitcoin exchange-traded fund (ETF). The fake news briefly sent bitcoin prices surging to nearly $48,000 before falling below $46,000 when the SEC clarified no approval had been given.

The SEC said an investigation found that two days after the incident, the hacker obtained control of the SEC phone number linked to the X account in an apparent SIM swap attack. The agency’s telecommunications provider enabled the SIM swap, which allows a phone number to be moved to a new device without the owner’s consent.

With control of the phone number, the hacker reset the account password and bypassed two-factor authentication – which was disabled in July at the SEC’s request due to login issues.

SEC Chair Gary Gensler has faced criticism for the security lapse. Billionaire Elon Musk, who frequently spars with regulators, mocked the agency over the hack. The breach also highlighted Twitter’s ongoing vulnerabilities after recent upheaval at the company.

While the hacker did not access any non-public SEC systems or data, the unauthorized bitcoin post temporarily moved crypto markets and cast a shadow over an agency already grappling with technological change.

The SEC did not identify the perpetrator but said multiple law enforcement entities are investigating how the individual executed the SIM swap and knew which phone number to target.

Samson Ononeme
