The US Securities and Exchange Commission (SEC) announced an update on the hack of its X account. The SEC confirmed that the hack followed an apparent “SIM swap” attack. Attackers took over the phone number linked to the SEC’s X account, gaining access to that number through a telecom carrier. Two-factor authentication (2FA) had been disabled on the account since July 2023, which allowed the attackers to take it over.
How Was the SEC’s X Account Hacked?
On January 9, 2024, just before the spot Bitcoin ETF announcement day, the SEC’s X account was compromised. The hackers did this deliberately to post an announcement of Bitcoin ETF approval.
However, Gary Gensler, the SEC chairman, alerted the audience to the account hack.
From that day, SEC staff coordinated continuously with the appropriate law enforcement and federal oversight entities. On January 22, an SEC spokesperson shared an update on the case.
“The hackers obtained control over the SEC’s X account through a linked cell phone number through a SIM Swap attack,” stated the SEC’s spokesperson.
SIM swapping is a technique for transferring an individual’s phone number to another device without authorization. The unauthorized party transferred the SEC’s phone number to another device in order to receive its SMS and voice communications. The number was accessed via a telecom carrier and not through SEC systems. Once they had access, the hackers reset the account password.
However, it is not yet clear how the unauthorized party got access to the SEC’s phone number. Law enforcement is currently investigating this.
In short, the disabled 2FA gave the hackers their opportunity. The multi-factor authentication (MFA) that the SEC had once enabled was disabled by X in July 2023. This was done at the staff’s request because of an account access issue.
After the January 9, 2024 hack, MFA was enabled for all the SEC social media accounts.
Despite these investigations, it is not clear how the unauthorized party knew the phone number, how the unnamed telecom carrier fell for the scam, or who was behind it. All these questions are under investigation, as regulators including the Department of Justice, FBI, and Homeland Security are working on the case.
About Bitcoin ETFs
Despite the hacks and fake announcements, the SEC finally approved the spot Bitcoin ETF.
Bitcoin futures Exchange Traded Funds (ETFs) are pools of Bitcoin-related digital assets offered on exchanges by brokerages to be traded as ETFs. They offer exposure to the price shifts of BTC futures contracts, making it easier for individuals to dabble in digital asset investing without buying or holding BTC.
Steefan George is a crypto and blockchain enthusiast, with a remarkable grasp on market and technology. Having a graduate degree in computer science and an MBA in BFSI, he is an excellent technology writer at The Coin Republic. He is passionate about getting a billion of the human population onto Web3. His principle is to write like “explaining to a 6-year old”, so that a layman can learn the potential of, and get benefitted from this revolutionary technology.
Source: https://www.thecoinrepublic.com/2024/01/23/the-secs-x-account-underwent-a-sim-swap-attack-sec-confirmed/