SEC's Security Lapse on X: A Six-Month Open Door for Hackers

Jonathan Stoker Jan 22, 2024, 23:20pm 185 views

SEC's Security Lapse on X: A Six-Month Open Door for Hackers

SEC Acknowledges SIM Swap Attack on Agency's Cell Phone

The United States Securities and Exchange Commission (SEC) has confirmed that a hacker managed to gain control over an agency-associated cell phone, compromising its X account. The perpetrator exploited this access to disseminate false information about the approval of spot bitcoin exchange-traded funds (ETFs).

Account Compromised Through Telecom Carrier

The SEC revealed that the hacker executed a SIM swap attack which enabled them to take control of the phone linked to the X account. Leveraging this access, the hacker falsely tweeted that the SEC had given the green light for spot bitcoin ETFs on January 9, a full day before the actual approval. The SEC clarified that the breach occurred via the telecom carrier, not through the SEC's systems. The identity of the telecom carrier remains unknown.

Disabling of Multi-factor Authentication

In an unfortunate turn of events, the SEC had deactivated multi-factor authentication for the account back in July 2023 due to access issues. This security measure has since been reinstated. The hacker's misleading post on X led many to incorrectly believe that the SEC had already approved the ETFs, causing an unexpected market reaction. The false news was promptly debunked as a hack.

Investigation into the Breach

After gaining control of the phone number, the hacker was able to reset the password for the @SECGov account. Law enforcement agencies are probing how the hacker persuaded the carrier to change the SIM for the account and how they knew the phone number linked to the account. Following the breach, the SEC promptly moved to approve bitcoin ETFs.

Statement from X Regarding the Incident

X, previously known as Twitter, issued a statement on the incident two weeks ago. The platform corroborated the SEC's narrative, stating that the breach occurred due to a third party gaining control over the phone number associated with the @SECGov account, rather than a breakdown in X's systems.

Ongoing Investigations

Several oversight and law enforcement agencies including the Federal Bureau of Investigation, Department of Homeland Security, Commodity Futures Trading Commission, and the Department of Justice are collaborating with the SEC in the ongoing inquiry.

Prevalence of SIM Swap Attacks

SIM swap attacks have become a significant concern in the crypto space, with hackers primarily using them to gain access to victims' phone numbers and steal their crypto holdings. For instance, Friend.Tech users were targeted in a similar attack last year, resulting in the theft of users' ether holdings.

Edited by Jonathan Stoker

How do you like the article?

Join the discussion on

You may also like

Advertisement

Articles in same category

Advertisement

Coins in same category

Advertisement

Join our community

Help moderate our articles, rate content and show your support!

We want you to be part of the first automated crypto-magazine.

Join us today