Date: Jan 2024

Location: United States of America

Summary

The U.S. Securities and Exchange Commission's social media account was compromised when an unidentified individual obtained control of a phone number linked to the account through a third party, exploiting the absence of two-factor authentication. The unauthorized party posted a false announcement approving bitcoin exchange-traded funds, briefly spiking bitcoin prices before the agency removed the post and clarified no approvals had been granted. The incident prompted an investigation involving law enforcement and raised concerns among industry participants about potential delays in pending ETF decisions, though the compromise did not result from a breach of the social media platform's systems.


Description

On January 9, 2024, the U.S. Securities and Exchange Commission’s official X (formerly Twitter) account was compromised by an unidentified individual who gained unauthorized access around 4:00 p.m. Eastern Time. The attacker posted a false announcement claiming the SEC had approved bitcoin exchange-traded funds (ETFs) for listing on all registered national securities exchanges, accompanied by a fabricated quote attributed to Chair Gary Gensler. The post garnered over 1 million views within 11 minutes and was widely reported by media outlets monitoring SEC communications. X’s preliminary investigation confirmed the compromise resulted from the attacker obtaining control of a phone number linked to the SEC’s account through a third party, with no breach of X’s systems involved. The SEC had not enabled two-factor authentication on the account at the time of the incident. By approximately 4:20 p.m. ET, the fraudulent post was deleted, and the SEC terminated the unauthorized access, publicly clarifying that no bitcoin ETF approvals had been granted. The agency announced it would collaborate with law enforcement to investigate the breach and related activities, though it did not confirm whether authorities had initiated an inquiry or whether the incident would affect pending ETF decisions scheduled for imminent review.


The false announcement caused immediate market disruption, with bitcoin’s price surging to approximately $48,000 before plummeting to $45,513 within minutes after the SEC disavowed the post. Crypto industry executives expressed surprise and confusion, with some anonymously voicing concerns about potential delays to ETF approvals despite widespread anticipation of imminent SEC authorization. The incident occurred as the SEC faced a January 10 deadline to decide on a joint spot bitcoin ETF proposal from Ark Investments and 21Shares, following months of speculation that marked a potential policy shift after years of rejecting similar applications. X’s disclosure about the compromised phone number and lack of two-factor authentication echoed security vulnerabilities exploited in a 2020 platform breach, where high-profile accounts were hijacked to promote cryptocurrency scams. The SEC did not disclose whether the attacker accessed additional account functions beyond posting the fraudulent message. Market analysts noted the event highlighted risks of rapid misinformation dissemination through official channels, with bitcoin’s volatility reflecting sensitivity to regulatory signals. Industry participants continued monitoring for potential impacts on the approval timeline while awaiting formal SEC announcements regarding both the hack investigation and ETF decisions.
