The Securities and Exchange Commission (SEC) revealed on Monday that a “SIM swap” attack was the cause of an unauthorized social media post on X (formerly known as Twitter), leading to market chaos and the abrupt loss of billions of dollars in market value.
On January 9, a false post on X claimed that the SEC had approved spot bitcoin exchange-traded funds for money managers, which was not the case. The actual approval for these ETFs came approximately 24 hours later.
The SEC disclosed further details about the cyber attack, explaining that an “unauthorized party” acquired the SEC cell phone number linked to the X account through what is known as a “SIM swap” attack. SIM swapping is a common method in cyber theft where a person’s phone number is transferred to another device without authorization.
In this case, the hackers exploited knowledge about how mobile wireless carriers authenticate a customer’s identity, typically requiring a phone number and address. The SEC clarified that the unauthorized access to the phone number occurred via the telecom carrier and not through SEC systems. There is no evidence suggesting that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
Once in control of the phone number, the unauthorized party reset the password for the SEC’s @SECGov account on X. Law enforcement, including the FBI and Justice Department, is collaborating with the SEC to investigate how the SIM swap occurred and how the hackers identified the associated phone number.
The SEC also acknowledged that multifactor authentication on the @SECGov X account had been disabled in July 2023 at the staff’s request due to account access issues. It remained disabled until the account was compromised on January 9.
The incident brought renewed attention to SEC Chair Gary Gensler, a critic of the cryptocurrency industry, who used his personal account on January 9 to disavow the unauthorized post. Following the misinformation, the price of bitcoin dropped suddenly from nearly $48,000 to $45,500, resulting in a $63 billion market value loss within minutes. The SEC is actively investigating the matter, while Gensler faced skepticism from some in the crypto community, including Anthony Scaramucci, who suggested that Gensler’s explanation might not be entirely accurate.