SEC blames 'SIM swap' attack for compromising X account ahead of ETF approval

The Securities and Exchange Commission said Monday that a "SIM swap" attack was responsible for an unauthorized social media post that triggered market chaos and erased billions of market value in just minutes.

The Jan. 9 post on X, formerly known as Twitter, stated that the SEC had granted money managers the approval to launch spot bitcoin exchange-traded funds, even though it hadn't. The final approval for those ETFs came roughly 24 hours later.

The confusion that followed the fake post attracted new scrutiny to the SEC, a longtime foe of the cryptocurrency industry that is still in the middle of a widespread crackdown on some of crypto’s major players.

The SEC on Monday offered more details about how this hack happened. It said an "unauthorized party" obtained the SEC cell phone number associated with the account on X in what the agency is calling "an apparent 'SIM swap' attack."

SIM swapping — a common technique in the world of cyber theft — is a way of transferring a person's phone number to another device without authorization.

To pull off such an attack, hackers need to know how mobile wireless carriers authenticate a customer's identity, plus some personal information about the victim. Often, this requires only a phone number and address.

The SEC said access to the phone number "occurred via the telecom carrier, not via SEC systems" and that it has "not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts."

Once in control of the phone number, the unauthorized party reset the password for the agency's @SECGov account on X.

Law enforcement is currently trying to figure out how the unauthorized party got the carrier to change the SIM for the account and how it knew which phone number was associated with the account.

The FBI and Justice Department, among other agencies, are working with the SEC on the investigation.

The SEC also acknowledged Monday that multifactor authentication on the @SECGov X account had been disabled in July 2023 by X "at the staff's request" due to "issues accessing the account." It remained disabled until the account was compromised on Jan. 9.

Photo: U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler testifies before a House Financial Services Committee oversight hearing on Capitol Hill in Washington, U.S., September 27, 2023. (Jonathan Ernst/REUTERS)

The mishap attracted new attention to SEC Chair Gary Gensler, a longtime foe of the crypto industry who had to disavow the unauthorized post on Jan. 9 with a post from his personal account.

The price of bitcoin (BTC-USD) fell that afternoon from nearly $48,000 to $45,500, losing $63 billion in market value over just a matter of minutes. It has since dropped to roughly $40,000.

The SEC provided few details the day of the mishap beyond saying the unauthorized public message on X "was not made by the SEC or its staff" and that there had been unauthorized access "by an unknown party for a brief period of time shortly after 4 pm ET."

One longtime crypto backer, Anthony Scaramucci, pushed back on Gensler's explanation of the communications mishap hours after it happened.

"I think Gensler is lying," he said on X. "I bet an employee screwed up and jumped the gun and he is blaming it on X."

David Hollerith is a senior reporter for Yahoo Finance covering banking, crypto, and other areas in finance.
