SEC reveals SIM swap attack behind false Bitcoin ETF approval announcement
A SIM swap attack on the U.S. SEC’s Twitter account led to a false tweet about Bitcoin ETF approval, briefly disrupting the cryptocurrency market.
On Jan. 10, the U.S. Securities and Exchange Commission (SEC) experienced a cybersecurity breach, resulting in a misleading tweet about spot Bitcoin ETFs from its official account. This incident, caused by a SIM swap attack, briefly stirred confusion in the cryptocurrency markets.
The SEC explained the situation in a statement: “The unauthorized party obtained control of the SEC cell phone number associated with the @SECGov account in an apparent ‘SIM swap’ attack.” This allowed the attacker to reset the Twitter account’s password and post the false announcement.
The SEC also admitted that multi-factor authentication, a crucial security feature, had been disabled for its Twitter account since July 2023. This decision contrasts with the general cybersecurity recommendations previously endorsed by SEC Chairman Gary Gensler.
The impact of the false tweet was significant yet temporary. Cryptocurrency markets reacted sharply, highlighting the sensitivity of these markets to regulatory news. However, the situation was quickly rectified with follow-up clarifications from the SEC and Gensler. The official approval of spot Bitcoin ETFs was announced the next day.
The incident has drawn attention from lawmakers, including Senators J.D. Vance and Thom Tillis, who expressed concerns about the SEC’s cybersecurity measures.