In a startling revelation, the safety team at X, formerly known as Twitter, has uncovered a significant security breach involving the United States Securities and Exchange Commission (SEC). Shockingly, the SEC’s main X account lacked two-factor authentication (2FA), providing an opening for a hacker to infiltrate and manipulate it.
The aftermath of this breach sent shockwaves through the crypto markets, triggered by a false approval of a spot Bitcoin exchange-traded fund (ETF) posted on the SEC’s official account on the X platform.
SIM Swap Hack Exposed
According to X’s safety team, the breach occurred due to an unidentified actor gaining control of the phone number associated with the @SECGov account, using it for unauthorized access. This type of security exploit is commonly known as a SIM swap hack, where an attacker takes over a victim’s phone number to access sensitive accounts, including social media, banking, and cryptocurrencies.
The safety team clarified that the compromise was not a result of any vulnerabilities in X’s systems but rather stemmed from an individual obtaining control over the SEC’s account phone number through a third party. Shockingly, the account did not have 2FA enabled at the time of the breach.
Blockchain expert ZachXBT humorously referenced SEC Chair Gary Gensler’s prior advice on social media security in response to X’s safety post, emphasizing the importance of robust cybersecurity measures.
Senators Demand Accountability
United States Senators J.D. Vance and Thom Tillis expressed their dismay in a letter to Gensler, criticizing the agency’s lack of operational security. They demanded an explanation for the incident within four days, raising serious concerns about the Commission’s internal cybersecurity procedures.
This letter joined a chorus of calls for transparency, with other members of Congress insisting on an official investigation into the breach. Senator Bill Hagerty underscored the severity of the situation, stating that Congress needs answers and accountability, akin to how the SEC would investigate a market-moving mistake by a public company.
Senator Cynthia Lumiss added her voice to the demands for transparency, specifically focusing on investigating “fraudulent announcements.”
Musk Denies Internal Breach
X’s owner and Tesla CEO Elon Musk refuted claims that the SEC hack resulted from X’s internal systems being breached. Musk dismissed these assertions as how “legacy media runs” and earlier playfully suggested that the SEC password was “LFGDogeToTheMoon.”
The incident has ignited a broader conversation about the need for stringent cybersecurity measures, not only within governmental agencies like the SEC but also across the digital landscape, where cyber threats continue to evolve.
