SEC Claims ‘SIM Swap’ Attack Behind X Account Breach

The SEC revealed that its choice to disable multi-factor authentication (MFA) rendered the account vulnerable to the attack.

  • The SEC has uncovered the cause of the attack on its social media account.
  • The breach resulted in a deceptive post falsely proclaiming Bitcoin ETF approval.
  • The commission’s investigation into the incident is ongoing.

The persistent threat of cyberattacks has been a continual challenge to the crypto industry’s security, leading to unauthorized takeovers and, at times, causing substantial losses for investors. However, this vulnerability also extends to major financial giants and industry regulators, despite the stringent requirements they have imposed on such firms.

A day before the official approval of Bitcoin ETFs on January 10, a false post announcing the long-awaited nod was made to the SEC’s X account. SEC Chair Gary Gensler refuted the news, asserting that the tweet was deceptive and had been facilitated by an unauthorized third party.

In efforts to uncover the cause of the breach, the commission launched an investigation and has now released its findings.

SEC SIM Swap Shenanigans

On Monday, January 22, a spokesperson from the Securities and Exchange Commission (SEC) revealed that the commission had determined the cause of its account breach to be the notorious SIM Swap method. 


SIM swapping is a technique in which an attacker transfers a person’s phone number to another device without authorization. This enables the unauthorized third party to receive voice and SMS communications associated with that number.

The SEC disclosed that a decision was made to remove the multi-factor authentication (MFA) associated with the account six months prior, leaving the account susceptible. An unauthorized party with access to the cell phone number associated with the X account could facilitate a password reset.


“While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account,” the spokesperson emphasized.

The commission said there was no evidence that the unauthorized party gained access to the agency’s systems, data, or other accounts, adding that multi-factor authentication has since been reinstated to prevent similar damages in the future.
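
The weakness described above, a password reset that rides on a phone number while MFA is off, can be checked for across an organization's accounts. The sketch below is an added example, not code from the SEC, X or DailyCoin; the record fields, handles and dates are constructed, and it goes one step beyond the article by also flagging SMS or voice MFA, which a SIM swap intercepts as well.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# MFA factors delivered to the phone number; a SIM swap captures these too.
PHONE_BOUND = {"sms", "voice"}

@dataclass
class Account:                      # hypothetical inventory record
    handle: str
    mfa_methods: frozenset          # empty set means MFA is switched off
    phone_reset: bool               # phone number can trigger a password reset
    mfa_changed: Optional[date]     # date of the last MFA settings change

def sim_swap_findings(acct: Account, today: date) -> list:
    """Findings for one account; an empty list means control of the phone
    number alone does not give control of the account."""
    findings = []
    independent = acct.mfa_methods - PHONE_BOUND
    if acct.phone_reset and not acct.mfa_methods:
        findings.append("phone-based reset with MFA disabled")
    elif acct.phone_reset and not independent:
        findings.append("reset and MFA both depend on the phone number")
    if findings and acct.mfa_changed:
        days = (today - acct.mfa_changed).days
        findings.append(f"exposed {days} days since last MFA change")
    return findings

def audit(inventory, today):
    """Map each at-risk handle to its findings."""
    report = {}
    for acct in inventory:
        findings = sim_swap_findings(acct, today)
        if findings:
            report[acct.handle] = findings
    return report

# Constructed sample inventory (not real accounts or real dates).
INVENTORY = [
    Account("@example_agency", frozenset(), True, date(2023, 7, 1)),
    Account("@example_press", frozenset({"sms"}), True, None),
    Account("@example_ops", frozenset({"totp"}), True, date(2023, 3, 1)),
]

if __name__ == "__main__":
    for handle, findings in audit(INVENTORY, date(2024, 1, 1)).items():
        print(handle, "->", "; ".join(findings))
```

The third sample account passes because an authenticator-app factor does not travel with the phone number, so a reset started by SMS still meets a factor the attacker does not hold.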

Is the SEC Slipping Up?

The January 9 X account breach raised questions about the reliability of the SEC, even drawing a wave of mockery from prominent figures such as X CEO Elon Musk.

This shortcoming aligns with the growing sentiment among some lawmakers that the SEC has been negligent in prioritizing crucial elements for enforcing regulations within the financial industry. Instead, it appears to be more focused on imposing sanctions on exchanges, constituting a drain on the United States.

The severity of the SEC’s security lapse prompted an investigation by the Federal Bureau of Investigation (FBI) to uncover the nature of the security breach and assess potential insider involvement.  

U.S. Senators Ron Wyden and Cynthia Lummis also urged the Inspector General to investigate the security lapse at the SEC and its failure to comply with optimal cybersecurity practices.

On the Flipside

  • Ironically, the very institution tasked with enforcing security measures in the financial industry found itself vulnerable to a significant security breach.
  • U.S. lawmakers have called for the ousting of the present SEC Chair, Gary Gensler.
  • The SEC remains entangled in its year-long legal dispute with crypto exchange Binance.

Why This Matters

While the SEC’s account breach highlights a certain degree of negligence on the commission’s part, it underscores the persistence of threat actors and the necessity for improved cybersecurity practices across the broader industry to guarantee investor protection.


Author
Grace Abidemi
