SEC Chairman Gary Gensler confirmed that Twitter hackers accessed the agency’s account by compromising the associated phone number. While the attack may have rattled investors, Gensler assured everyone that no evidence points to a larger breach of SEC systems, data, equipment, or other social media accounts.
The digital corridors of Wall Street were abuzz on Tuesday, January 9 as news broke of the SEC Twitter account falling victim to a cyberattack. The perpetrator, using the platform to spread misinformation about an alleged Bitcoin ETF approval, sent panic rippling through the market.
The Securities and Exchange Commission’s official X.com account was hacked on Tuesday, posting a false announcement of spot bitcoin exchange-traded funds approval, according to a release by Chairman Gary Gensler.
Social Re-Engineering Attack
The hacker obtained control over the phone number linked to the @SECGov account and made two posts, one claiming the SEC’s approval of bitcoin ETFs and another saying “$BTC”. The hacker also liked two posts by non-SEC accounts. The second post was deleted by the hacker, but the first post remained for about half an hour before the SEC staff could remove it.
The SEC staff alerted the public on the official @garygensler account, stating that the @SECGov account had been compromised and that the SEC had not approved any bitcoin ETFs. They also posted a message on the @SECGov account, confirming that the account had been hacked. They apologized for any confusion or inconvenience caused by the unauthorized post and assured the public that the SEC takes its cybersecurity obligations seriously.
Chair Gensler Clears The Doubts
Some observers have questioned the veracity of SEC’s claims that their X account was hacked, with some presumptions that the ETF approval tweet may have been a prepared message sent before schedule. This could be due to how quickly the hacked SEC X accocount was retrieved from the hacker. Chairman Gensler offered an explanation:
“Upon becoming aware of the incident, staff in the Office of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the public that the @SECGov account had been compromised, an unauthorized post was made, and the Commission had not approved the listing and trading of spot bitcoin exchange-traded products. Staff deleted the first unauthorized post on the @SECGov account, un-liked the two liked posts, and, at 4:42 pm ET, made a new post on the @SECGov account stating that the account had been compromised. Staff also reached out to X.com for assistance in terminating the unauthorized access to the @SECGov account. Based on information currently available, staff believe that the unauthorized access to the account was terminated between 4:40 pm ET and 5:30 pm ET.”
The Impact of the Hack
The SEC staff are coordinating with law enforcement and federal oversight entities to investigate the incident and prevent further damage. The SEC also reminded the public that the agency makes its actions public on its website, http://www.sec.gov, and not on social media channels.
The incident sparked a lot of reactions from the cryptocurrency community, the media, and the general public. Some people were amused by the seeming prank, some were outraged by the security breach, and some were disappointed by that news of the approval was false. The SEC was even accused of market manipulation by a section of observers. The SEC has since appprove spot ETFs for Bitcoin.
Gensler said that this incident was a wake-up call for the SEC and the entire financial system. He vowed to strengthen the SEC’s cybersecurity measures and to review its policies and procedures on social media use. He also reaffirmed his commitment to protect investors and promote innovation in the digital asset space. Gensler hoped that this incident would not undermine the SEC’s credibility and authority, but rather serve as a catalyst for positive change.