The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News
The official X account of the United States Securities and Exchange Commission was “compromised” this afternoon, resulting in the publication of an “unauthorized” post, according to SEC chair Gary Gensler. The account, @SECGov, also said the account had been compromised.
“The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET,” an SEC spokesperson said in a statement to WIRED. “That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.”
While X did not respond to WIRED's request for comment, the company confirmed the breach of the @SECGov account in a post on X. “We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” the company wrote. “We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”
The @SECGov account published a post this afternoon regarding the regulatory status of Bitcoin ETFs, a financial product that would allow people to invest in bitcoin like standard stocks. The post, which also included an image with an apparently fake quote from Gensler, has since been deleted.
The fake post appeared to lead to a brief spike in Bitcoin’s value of around 2.5 percent, to nearly $47,870, before crashing around 3.2 percent from its original price.
Following news of the SEC's compromised account, US senator Bill Hagerty said in a post on X that Congress should investigate the incident.
“Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened,” Hagerty, a Tennessee Republican, wrote. “This is unacceptable.”
This is at least the second high-profile compromise of an X account in recent days. Mandiant, a leading cybersecurity firm now owned by Google, had its X account hacked on January 3. A scammer used their access to post a malicious link in an attempt to steal cryptocurrency from victims.
X owner Elon Musk’s aggressive slashing of the company's staff has, over the past year, raised fears that the cuts would leave X (formerly Twitter) unable to secure a platform depended on by users that include high-profile figures and government agencies worldwide. One former Twitter information security official sued Musk and others for alleged wrongful termination after he was fired for, he claims in the lawsuit, arguing that the staff cuts would interfere with X’s ability to comply with a 2011 consent decree with the US Federal Trade Commission to protect users’ personal information.
Gloss