The official X account of the U.S. Securities and Exchange Commission (SEC) was compromised when it posted the fake spot Bitcoin ETF approval announcement, X has confirmed.
Upon completing a preliminary investigation, X confirmed that the compromise did not stem from any vulnerability in their systems. Instead, an unidentified individual gained control over a phone number associated with the SEC account through a third party.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
It was also revealed that the account lacked two-factor authentication (2FA) at the time of the breach, emphasizing the importance of users enabling this additional security layer.
Despite assurances from X regarding the source of the compromise, concerns were raised by U.S. senators and representatives, labeling the incident as a potential case of market manipulation. U.S. Senator Bill Hagerty decried the situation as “unacceptable,” demanding accountability similar to what the SEC would expect from a public company making a significant market-moving error.
Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened. This is unacceptable. https://t.co/tWtLqHtqpu
— Senator Bill Hagerty (@SenatorHagerty) January 9, 2024
U.S. Senator Cynthia Lummis echoed the sentiment, urging the securities regulator to provide transparency into the events leading to the false post. Charles Gasparino of Fox