Addition SEC statement added below.
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.
The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X account.
"Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the fake X post.
"The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."
The tweet included an image of SEC Chairperson Gary Gensler with a quote promoting the alleged approval.
The news quickly spread, with many cryptocurrency and mainstream news sites covering the story and Bitcoin prices briefly spiking.
However, Bitcoin's jump in price was shortlived as it pulled back on news that the SEC's account on X was hacked to spread the fake news.
"The @SECGov twitter account was compromised, and an unauthorized tweet was posted," tweeted SEC Chairperson Gensler.
"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products."
This was further confirmed by an SEC spokesperson who told BleepingComputer that the "unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff."
BleepingComputer contacted the SEC with further questions about how they were breached and if 2FA was enabled on the account.
X has been overwhelmed by a massive wave of account breaches over the past month, as numerous verified organizations have been hacked to spread cryptocurrency scams and links to wallet drainers.
Yesterday, the Netgear and Hyundai MEA X accounts were hacked to promote fake cryptocurrency sites that stole cryptocurrency from wallets that connect to the Web3 site.
Web3 security firm CertiK was also hacked last Friday to promote a wallet drainer, and cybersecurity firm Mandiant was hijacked on Wednesday, even though it had two-factor authentication enabled.
In addition to account hijacks, threat actors have taken to X's advertising platform to create what feels like an endless stream of malicious advertisements promoting crypto scams and sites pushing wallet drainers.
Update 1/9/24 6:33 PM ET: While the SEC has not responded to our question about whether 2FA was enabled on the account, they sent BleepingComputer this additional statement.
"The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET. That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct."
Comments
RobCrypto - 1 month ago
Has the SEC folks not heard of multi-factor authentication?
X even support hardware-based security keys for high grade security.
This never would have happened if they had this enabled.
AutomaticJack - 1 month ago
likely shared accounts which makes mfa harder to manage.
DyingCrow - 1 month ago
Dunno, but all these high profile accounts being compromised look like an inside job.
AutomaticJack - 1 month ago
probably just poorly secured or just exploiting a gap in twitterX god knows there are likely lots these days :-/
AutomaticJack - 1 month ago
$900m profit is a pretty decent day for an insider trader ;) #godspeed