Wed | Jan 10, 2024 | 2:27 PM PST

The U.S. Securities and Exchange Commission's (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency's cybersecurity practices. A fake post announcing the approval of Bitcoin exchange-traded funds (ETFs) caused Bitcoin's price to spike before the SEC confirmed the hack and disavowed the information.

A fake announcement and market mayhem

Shortly after 4 p.m. Eastern Time, a post appeared on the SEC's X account claiming it had approved Bitcoin ETFs for listing on all registered national securities exchanges. The post, complete with a picture of SEC Chair Gary Gensler, quickly spread like wildfire, triggering a surge in Bitcoin's price.

Within minutes, the price of Bitcoin climbed more than $1,000, reaching nearly $48,000. However, the jubilation was short-lived. Chair Gensler took to his personal X account to clarify that the post was unauthorized and the SEC had not approved any Bitcoin ETFs. The price of Bitcoin promptly plummeted back down to around $45,200.

Here is a screenshot of the since-deleted unauthorized post from @SECGov on X:

[Image: SECgov fake post on X]

Security lapses and missed opportunities

The SEC's X account hack exposed vulnerabilities in the agency's cybersecurity measures. The Safety Team at X confirmed that the account was compromised through a third party gaining control of a phone number associated with it. This highlights the importance of robust two-factor authentication (2FA), a form of multi-factor authentication (MFA), which was not enabled for the SEC's X account.

"The most immediate cybersecurity concern is securing the SEC's official accounts," Darren Guccione, CEO and Co-Founder of Keeper Security, emphasized. "Strengthening authentication mechanisms and reviewing access controls are equally important priorities."

The incident also raises concerns about the potential for manipulation in the cryptocurrency market. The fake announcement, even though quickly debunked, was enough to cause significant price swings, demonstrating the vulnerability of the market to misinformation and coordinated attacks.

Expert opinions and broader implications

Cybersecurity experts expressed varying perspectives on the incident and its implications. Claude Mandy, Chief Evangelist at Symmetry Systems, pointed out that cybercriminals often target the "quickest way to monetize access," highlighting the potential for organized financial crime in such attacks.

Bud Broomhead, CEO of Viakoo, emphasized the broader lessons learned from the hack. "The main lesson is that hackers will test the 'lowest hanging fruit' in their efforts," he stated. "Not having MFA turned on should, at this point, be considered as a basic."

The SEC X account hack serves as a stark reminder of the importance of cybersecurity in today's digital age. It underscores the need for robust security measures, responsible social media management, and continued vigilance against cyberattacks, especially in sensitive sectors like finance.

This incident also raises important questions about transparency and accountability. The SEC's response to the hack and its plan to improve security will be crucial in rebuilding trust with the public and ensuring the integrity of the markets it regulates.

This incident serves as a powerful wake-up call for both organizations and individuals. It highlights the importance of implementing strong multi-factor authentication and robust cybersecurity protocols, as well as maintaining a critical mindset when consuming online information.

Additionally, promoting transparency in response to security incidents is crucial. By taking these simple and easily accessible steps, we can collectively build a more secure digital world and effectively protect ourselves against cyberattacks.
