SEC Account "Compromised" Due To Lack Of 2FA

The securities regulator was the victim of a security breach, which could have been prevented with basic safety measures.

How will the SEC live this down?

Yesterday, the SEC's Twitter/X account posted an announcement that Bitcoin spot ETFs had been approved. This was unexpectedly early, and an unusual medium for the announcement (the SEC's website would be the norm) but the use of an official account and wording characteristic of the agency made it highly believable.

It was, however, inaccurate, as SEC Chair Gary Gensler quickly posted from his own account. (The offending post has since been deleted.)

The news fooled some of the biggest accounts and organizations in the space, who reposted it and published articles. Moreover, the market reacted, with bitcoin briefly touching almost $48,000, before falling to $45,000.

"Compromised" Account

There is no sign that the unauthorized tweet was due to a hack. The message looks very much like a draft post created by the SEC's officials, which was accessed and made live early (rather than the typical hacker-style post with poor English and basic formatting). In short, it didn't just look like an official update: It probably was the expected update, albeit one that saw the light of day too soon.

X's Safety team later confirmed that the breach had occurred when a phone number belonging to the SEC was used to access the platform. This Sim Swap attack could have been avoided if the owner had used two-factor authentication.

A Securities Regulator Who Doesn't Understand Security

The episode will be highly embarrassing to the SEC, whose lack of security processes enabled the authorized tweet. The regulator exists to protect consumers, but that is exactly the opposite of what occurred: Over a billion dollars of open interest were wiped out as the price of BTC gyrated first up, then down.

Numerous critics pointed out that the SEC should investigate itself for market manipulation. Two US Senators have demanded a report to Congress from the agency explaining what happened.

Given the amount of money lost, and the fact that the SEC should hold itself to a higher standard, it's possible there will be more lawsuits coming in the days ahead.

Meanwhile, approval of the BTC ETFs is all but certain in the coming hours, as the "unauthorized" post shows.

Subscribe to our newsletter and follow us on X/Twitter.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to REX Wire.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.