The SEC’s X account was apparently ‘compromised’ to falsely claim bitcoin ETFs were approved
The errant post briefly juiced the price of bitcoin.
The official X account belonging to the Securities and Exchange Commission was briefly “compromised,” the regulator said, after an apparently rogue post on X temporarily juiced bitcoin prices.
On Tuesday, the SEC’s official X account tweeted that bitcoin ETFs had been approved “for listing on all registered national securities exchanges.” The tweet included an official-looking graphic featuring a quote from SEC Chair Gary Gensler. However, Gensler himself quickly clarified from his X account that the post from @SECGov was the result of a "compromised” account.
“The @SECGov twitter account was compromised, and an unauthorized tweet was posted,” Gensler wrote. “The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”
The confusion comes as the SEC is, in fact, considering whether to approve spot bitcoin ETFs, investment funds that hold the cryptocurrency. The regulator is expected to make a decision Wednesday in a process that has been closely watched by crypto investors.
Naturally, the now-deleted tweet from the SEC’s official (and gray check-verified) account on X prompted a momentary surge in bitcoin prices, followed by a steep decline. The post and subsequent clarification from Gensler “wiped out over $50 million of leveraged derivatives trading positions within an hour,” according to and analysis from CoinDesk.
In an update Wednesday, an SEC spokesperson said the rogue tweet had not been "drafted or created by the SEC." The spokesperson added that "the first public indication" of a change would not come via the agency's X account. "Consistent with existing practice, any Commission action on exchange rule filings would be posted on the relevant section of the SEC’s website at https://www.sec.gov/ and then in the Federal Register."
The SEC hasn't shared details about how its X account was “compromised.” In a statement, an SEC spokesperson told Engadget that it was investigating the matter, and working with the FBI and Inspector General. "The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET," the spokesperson said. "That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct."
X didn’t immediately respond to a request for comment, but the company shared the results of its "preliminary investigation" Tuesday evening.
"We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation," X write in a post from its safety account. "Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party. We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised."
We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…
— Safety (@Safety) January 10, 2024
X's comments also raise a number of new questions about the takeover. As Bloomberg points out, government-run social media accounts are supposed to use multi-factor authentication as an extra layer of security. If the regulator, which is currently investigating X over its security practices, had lax security settings itself, it would be a significant embarrassment to the agency.
But though X suggested its systems were not compromised, the company could still face scrutiny over whether it's doing enough to protect high-profile accounts. It's also not the first time high-profile government accounts have been hijacked on the platform. In 2020, hackers took over the accounts belonging to Barack Obama, Joe Biden, Musk, Bill Gates and a number of others in a coordinated crypto scam. A Florida teen and two others were later charged and the company, then known as Twitter, said the hacks were the result of a social engineering scheme.
Update January 9 2024, 6:50PM ET: This story has been updated with a statement from an SEC spokesperson about their investigation.
Update January 9 2024, 11:18PM ET: This story was updated to include comments from X about the SEC's account.
Update January 10 2024, 3:38PM ET: This story has been updated with additional comments from the SEC.
