SEC Confirms MFA Deactivation Led to Jan 9 X Account Breach, Impacting Cryptocurrency Market and Triggering False Bitcoin ETF Approval News.
The SEC, representing the United States, has issued a statement acknowledging a security compromise on its official X account (previously Twitter), detailing a SIM swap attack as the cause of the breach.
On January 9, an unauthorized entity acquired control of the @SECGov handle, erroneously proclaiming the SEC’s approval of the inaugural spot bitcoin exchange-traded funds, thus committing this security breach.
Market Effects of Cryptocurrencies
Immediate fluctuations ensued in the cryptocurrency market after the false tweet. Bitcoin’s value peaked at around $48,000 prior to falling below that level when the SEC revoked the Bitcoin ETF’s approval.
Subsequent investigations unveiled that a SIM exchange enabled the compromise, as it facilitated the unauthorized transfer of the victim’s phone number to an alternative device.
Consequently, the assailant could intercept SMS messages and phone conversations, which ultimately led to resetting the account’s password. The problem was further exacerbated by the lack of two-factor authentication (MFA) on the SEC’s account, which had been deactivated since July 2023 due to access issues. MFA is an essential security measure.
Responses And Reactions
The proprietor of X, Elon Musk, a longtime critic of the SEC, ridiculed the incident. X, on the contrary, denies being responsible for any system breach.
In the interim, the SEC they verified insufficient evidence to suggest that their other systems, data, or devices had been compromised. The breach was confined to the telecommunications provider, prompting an extensive inquiry encompassing various federal and law enforcement organizations.
SEC’s Security Measures
After the incident, the SEC has reactivated MFA for all its social media accounts. This action demonstrates an increased recognition of the vulnerabilities associated with digital security and the critical nature of implementing solid safeguards to protect sensitive data, especially for influential government organizations.
Furthermore, the intrusion is being investigated by numerous federal and law enforcement agencies, including the FBI and Department of Homeland Security. By doing so, they hope to determine how the assailant convinced the telecommunications provider to perform the SIM switch and how they obtained the precise phone number associated with the SEC’s account.
