The value of one bitcoin suddenly gained more than USD1,000 after hackers seized control of a phone number belonging to the US Securities and Exchange Commission (SEC) and used it to compromise the regulator’s account on X, formerly known as Twitter. The hackers posted a message to X on Tuesday that claimed the SEC…
…grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges
ETFs stands for exchange-traded funds, a type of vehicle that allows investors to bet on assets like stocks, bonds, currencies or gold without having to buy them directly. The SEC regained control of their X account a little while later and deleted the bogus message. Meanwhile, SEC Chair Gary Gensler used his personal X account to refute the hackers’ claim.
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
The fraudulent message encouraged the value of Bitcoin to rise more than 2 percent within just a few minutes, but that gain was reversed within the following quarter of an hour as the truth became apparent. However, prevention is better than cure, especially when it comes to fraud. Many questions will be asked about how the hackers were able to subvert an SEC phone number and then use it to post to an official social media account. X were keen to avoid any blame, insisting that the hijack of the SEC phone had not involved the compromise of any of X’s systems. They added that the SEC had not implemented two-factor authentication for their X account.
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
The mind boggles at how the SEC could have such lax security that they did not implement two-factor authentication for their social media account. Fraudsters have repeatedly used stolen and bogus social media accounts to launch cryptocurrency scams or pump up the valuation of specific cryptocurrencies, but it apparently did not occur to anybody working at the SEC’s security team that their own accounts might be targeted. Well-known cryptocurrency crime investigator ZachXBT was quick to mock the SEC Chair by repeating his own words back to him.
Hi @GaryGensler this is a reminder to secure your financial accounts as well as protect against identity theft and fraud.
Remember to:
🔒Use strong passphrases or passwords
🔒Set up multifactor authentication
🔒Keep account alerts turned on#CybersecurityAwarenessMonth pic.twitter.com/KBNOV3KhAJ— ZachXBT (@zachxbt) January 10, 2024
One security consultant told nft now that ‘sources’ had informed him that a SIM swap was used to compromise the SEC’s phone. However, the anonymous nature of the source makes this claim impossible to verify. Even if true, it could just be a lucky guess about a method that cryptocurrency fraudsters have repeatedly used with great success.
Ironically, the hackers’ message was correct just one day later when the SEC genuinely approved the first spot bitcoin ETFs. However, the speed of news in cryptocurrency circles means millions can be gained or lost within minutes, which is why fake news is so dangerous.
The moral of the story is plain: prevent your phone becoming a gateway for crime by implementing a robust method of two-factor authentication that is independent of the phone service. And the other moral is that regulators should practice what they preach to the rest of us.



