SEC Reveals Multi-Factor Authentication Disabled Before False ETF Approval Post

Bitget App

Trade smarter

Bitget

News

Cryptopotato2024/01/23 21:43

By:Wayne JonesMore posts by this author

Unauthorized party gained access of the SEC cell phone number associated with the X account via a “SIM Swap” attack.

On Monday, the Securities and Exchange Commission (SEC) disclosed that multi-factor authentication (MFA) on its X account was disabled leading up to a false post earlier this month, just before the formal approval of spot Bitcoin ETFs.

The incident occurred on Tuesday, January 9, 2024, when the SEC’s @SECGov X account was compromised, and unauthorized posts regarding the approval of spot Bitcoin exchange-traded funds emerged.

SIM Swap Attack

According to a statement released by an SEC spokesperson on January 22, It was revealed that the unauthorized party gained control of the agency cell phone number associated with the account through a “SIM swap” attack.

This technique allows transferring a person’s phone number to another device without authorization. While the SEC has confirmed that the access to the phone number occurred via the telecom carrier and not its systems, the method and motivation behind the attack are still under investigation.

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

Notably, multi-factor authentication had been disabled on the @SECGov X account in July 2023 at the staff’s request due to issues accessing the account. It remained disabled until staff reenabled it after the account was compromised. Currently, MFA is enabled for all SEC social media accounts that offer it.

This allowed the unauthorized party to post on the compromised account, falsely announcing the Commission’s approval of spot Bitcoin exchange-traded funds and liking two posts by non-SEC accounts.

SEC Reassures Public Amid Cybersecurity Breach

In its statement, the SEC has assured the public that, based on current information, there is no evidence that the unauthorized party gained access to its systems, data, devices, or other social media accounts.

The agency also emphasized its commitment to cybersecurity obligations, acknowledging concerns about the security of its social media accounts. The team is still assessing the impacts of the incident on the agency, investors, and the marketplace, with ongoing collaboration with law enforcement and federal oversight entities.

Meanwhile, the SEC has reiterated that it does not use social media channels to make its actions public, and such posts only amplify announcements made on its official website.

As the investigations continue, the SEC is committed to providing updates on the incident. It will take any necessary remedial measures to address concerns about the security of its social media accounts.

Tags: Hacking SEC

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

1. **Challenges in the Creator Economy**: Web2 content platforms suffer from issues such as opaque algorithms, non-transparent distribution, unclear commission rates, and high costs for fan migration, making it difficult for creators to control their own data and earnings. 2. **Integration of AI and Web3**: The development of AI technology, especially AI Avatar technology, combined with Web3's exploration of the creator economy, offers new solutions aimed at breaking the control of centralized platforms and reconstructing content production and value distribution. 3. **Positioning of the TwinX Platform**: TwinX is an AI-driven Web3 short video social platform that aims to reconstruct content, interaction, and value distribution through AI avatars, immersive interactions, and a decentralized value system, enabling creators to own their data and income. 4. **Core Features of TwinX**: These include AI avatar technology, which allows creators to generate a learnable, configurable, and sustainably operable "second persona", as well as a closed-loop commercialization pathway that integrates content creation, interaction, and monetization. 5. **Web3 Characteristics**: TwinX embodies the assetization and co-governance features of Web3. It utilizes blockchain to confirm and record interactive behaviors, turning user activities into traceable assets, and enables participants to engage in platform governance through tokens, thus integrating the creator economy with community governance.

BlockBeats•2025/11/22 11:23

Empowered by AI Avatars, How Does TwinX Create Immersive Interaction and a Value Closed Loop?

Aster CEO explains in detail the vision of Aster privacy L1 chain, reshaping the decentralized trading experience

Aster is set to launch a privacy-focused Layer 1 (L1) public chain, along with detailed plans for token empowerment, global market expansion, and liquidity strategies.

BlockBeats•2025/11/22 11:22