SEC Clarifies False Bitcoin ETF Approval Post Following Account Hack

• Unauthorized Access Leads to Fake Bitcoin ETF Announcement on SEC's Social Media Account
• Details of the Security Breach
• Immediate Response by SEC
• The SEC's Response to the Cybersecurity Incident

Unauthorized Access Leads to Fake Bitcoin ETF Announcement on SEC's Social Media Account

According to a recent statement, the U.S. Securities and Exchange Commission (SEC) had its X account hacked, resulting in a false announcement of the regulator's approval of a spot bitcoin exchange-traded fund (ETF).

Details of the Security Breach

Information reveals that an unauthorized entity gained control of the @SECGov X.com account on Tuesday, January 9, 2024, after 4:00 pm ET. This was accomplished by seizing the phone number linked to the social media account. The intruder posted twice on the account, with the first post falsely announcing the approval of a spot bitcoin ETF. The second post, made roughly two minutes later, was a single cryptic message: $BTC. Although the $BTC post was eventually deleted, the initial fraudulent announcement remained.

Immediate Response by SEC

The unauthorized user also interacted with two posts from non-SEC accounts using the @SECGov account. The SEC staff promptly reacted upon noticing the breach, informing the public via the official @garygensler X.com account at 4:26 pm ET. This alert clarified the unauthorized access to the SEC's account, the false announcement, and explicitly stated that no approval had been given for the trading and listing of spot bitcoin ETFs.

The first unauthorized post was deleted from the @SECGov account. The two liked posts were unliked. A new post went up on the @SECGov account at 4:42 pm ET, confirming the account's compromise. The SEC staff also contacted X.com seeking help to terminate the unauthorized access to their social media account. Based on the information available, it's believed that the unauthorized access was ceased between 4:40 pm ET and 5:30 pm ET.

The SEC's Response to the Cybersecurity Incident

The SEC is known for its strict adherence to cybersecurity regulations. The Commission, while assessing the incident's impact on investors and the marketplace, acknowledges concerns regarding its social media accounts' security. The team will evaluate the need for any additional remedies.

Coordinated efforts are ongoing with the SEC's Office of Inspector General, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and other relevant federal oversight agencies. Further updates will be provided as the investigation progresses.

It's crucial to note that the Commission's actions are made public only through its official website, http://www.sec.gov. Social media accounts are merely used to amplify announcements originally published on the website.

Edited by Jonathan Stoker