Your daily briefing of some of the most important stories from the crypto, finance, and tech space.
SEC Account "Compromised" Due To Lack Of 2FA
The securities regulator was the victim of a security breach, which could have been prevented with basic safety measures.
Yesterday, the SEC's Twitter/X account posted an announcement that Bitcoin spot ETFs had been approved. This was unexpectedly early, and an unusual medium for the announcement (the SEC's website would be the norm) but the use of an official account and wording characteristic of the agency made it highly believable.
It was, however, inaccurate, as SEC Chair Gary Gensler quickly posted from his own account. (The offending post has since been deleted.)
The news fooled some of the biggest accounts and organizations in the space, who reposted it and published articles. Moreover, the market reacted, with bitcoin briefly touching almost $48,000, before falling to $45,000.
There is no sign that the unauthorized tweet was due to a hack. The message looks very much like a draft post created by the SEC's officials, which was accessed and made live early (rather than the typical hacker-style post with poor English and basic formatting). In short, it didn't just look like an official update: It probably was the expected update, albeit one that saw the light of day too soon.
X's Safety team later confirmed that the breach had occurred when a phone number belonging to the SEC was used to access the platform. This Sim Swap attack could have been avoided if the owner had used two-factor authentication.
A Securities Regulator Who Doesn't Understand Security
The episode will be highly embarrassing to the SEC, whose lack of security processes enabled the authorized tweet. The regulator exists to protect consumers, but that is exactly the opposite of what occurred: Over a billion dollars of open interest were wiped out as the price of BTC gyrated first up, then down.
Numerous critics pointed out that the SEC should investigate itself for market manipulation. Two US Senators have demanded a report to Congress from the agency explaining what happened.
Given the amount of money lost, and the fact that the SEC should hold itself to a higher standard, it's possible there will be more lawsuits coming in the days ahead.
Meanwhile, approval of the BTC ETFs is all but certain in the coming hours, as the "unauthorized" post shows.
Subscribe to our newsletter and follow us on X/Twitter.