The Securities and Exchange Commission (SEC) on Monday disclosed the unsettling details surrounding a fake tweet sent from the agency’s official account on Jan. 9. The tweet falsely announced the approval of spot Bitcoin BTC/USD ETFs and was the result of a “SIM swap” attack.
The erroneous tweet, which was released after the markets closed on Jan. 9, initially sparked celebration on social media. However, discrepancies emerged when no supporting filings and updates were found on the SEC’s website. SEC Chair Gary Gensler promptly clarified via his account that the SEC’s account had been “compromised,” and no ETFs had been approved.
The incident triggered varied reactions, with some in the crypto community drawing attention to the SEC’s prior guidance on cybersecurity. Lawmakers from both political parties demanded an investigation in the wake of the hack.
The SEC is currently investigating how the hacker managed to persuade the carrier to switch the SIM associated with the SEC’s account, as well as how the hacker obtained the linked phone number, as per Fortune’s report.
SIM swaps generally involve cybercriminals convincing a mobile service provider to transfer control of a phone number to a new SIM card, thereby enabling them to reset passwords and hijack accounts.
This type of attack is not uncommon in the crypto world. In September, Ethereum ETH/USD co-founder Vitalik Buterin lost access to his account, leading to over $691,000 being stolen from his followers through a malicious link.
An SEC spokesperson revealed that multifactor authentication was enabled on its account but had to be removed in July due to access issues. The feature has since been reinstated on all SEC social accounts where possible.
In its official statement, the SEC confirmed its cooperation with various law enforcement and federal oversight agencies, including the FBI, the Department of Homeland Security, and the Department of Justice, in resolving the issue.
The spokesperson also stated that there is no evidence the hacker accessed any SEC systems, data, devices, or other social platforms.
