Twitter has pushed back against claims the platform was to blame for a fraudulent tweet sent by the U.S. Securities and Exchange Commission’s account that falsely announced the approval of 13 spot Bitcoin ETFs on Tuesday.
Following a preliminary investigation into the compromised account, Twitter’s Safety team said that “the compromise was not due to any breach of X’s systems but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
Twitter Safety also highlighted in its tweet that the SEC’s account did not have two-factor authentication enabled at the time of the hack, a security measure that SEC chair Gary Gensler had previously recommended as protection against identity theft and fraud. The Safety team added, “We encourage all users to enable this extra layer of security.”
While the world waited to see if a spot Bitcoin ETF would finally be approved Tuesday afternoon, the “compromised” SEC Twitter account said the approvals had all gone through. The price of Bitcoin tumbled from a two-year high of $47,680 to nearly $45,500.
After the fraudulent tweet was taken down, Gensler said the SEC had not approved any pending Bitcoin ETFs.
“The [SEC] Twitter account was compromised, and an unauthorized tweet was posted,” the SEC chair tweeted. “The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”
Late Tuesday, the SEC confirmed “unauthorized access and activity” on the SEC’s Twitter account, telling Decrypt that the person or persons responsible for the unauthorized access had been terminated.
“The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct,” a statement from the regulator continued.
While Twitter did not give more specifics about its findings, some on the site suggested the attacker might have engaged in SIM jacking, also known as SIM swapping. In this malicious attack, a hacker tricks a mobile provider into transferring a victim’s phone number to a SIM card controlled by the hacker, allowing access to the victim’s phone calls, messages, and potentially online accounts.
Last January, trading platform Robinhood’s Twitter account was compromised through a SIM jacking attack and was used to promote a fake token and NFT scam.
Others suggested an SEC employee could have fallen victim to social engineering, a psychological attack that aims to deceive individuals into revealing confidential information.
Source: https://decrypt.co/212251/twitter-safety-compromised-sec-account-posted-fake-bitcoin-etf-tweet-didnt-enable-2fa