A false spot Bitcoin ETF approval news was made on the SEC’s social media account, creating a market-wide frenzy.
The United States Securities and Exchange Commission (SEC) was surprised on 9th January when someone posted on their X (formerly Twitter) account that the SEC had approved all 11 spot Bitcoin ETF applications.
As it turned out, the news was posted by an unauthorized entity, who hacked the regulatory authority’s social media account’s credentials and pretended to announce the news on behalf of the SEC.
Just 15 minutes after the post went live, the SEC later posted a retraction, and Chair Gary Gensler said that the commission hadn’t authorized the listing of spot Bitcoin ETFs yet, and the news was utterly false.
Market reaction to the False spot Bitcoin ETF approval news
Multiple news outlets jumped onto the initial post. They posted on their socials and websites, giving people the good news that the SEC has finally approved the spot Bitcoin ETF applications, only to delete those posts later or correct their followers that the news was a complete hoax.
Different crypto influencers on X also made the mistake of posting the news on their channels and social media accounts without verifying it themselves. They later had to inform their followers of the same thing.
However, no one can blame the news media outlets or the influencers because everyone wants to be the first to deliver the news and attract more audience to their channel.
The post was indeed made from the official SEC X account, which is as official as the news announcement can get, and no one could have imagined that someone managed to hack into a government entity’s official account and post false information for the general public.
Cointelegraph, Blockworks, and Reuters are some of the known giants of breaking crypto-related news to the crypto community, and they even posted on their accounts and websites the initial post from the SEC after correcting everyone once Gensler’s statement became public.
The initial unauthorized post also posted a fake photo where a quote from the SEC chair was shown, informing people of the news they had so desperately waited to hear for some time now.
The SEC pulled the initial tweet from their timeline as soon as they knew what was happening. Still, the posts had already gotten millions of views and likes, which tells you all eyes were on the SEC’s social media account anticipating the spot Bitcoin ETF approval announcement.
The statement from the SEC refuting the initial statement said: “The SEC’s X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”
Once the dust settled, some believed that the initial false news had some visible clues that would have made people see that this is not the usual pattern the SEC follows when announcing any crypto-related news.
The glaring error was using the hashtag Bitcoin emoji in the X post, which the SEC has just now done. The other obvious error was that the deadline SEC gave to the ETF filers was 10th January, so why would they push it back one day when they only changed it some of the time they asked the applicants to complete their submissions before that deadline?
Some people on social media believed that the information provided in the now-retracted SEC tweet was accurate but was released prematurely. It meant the SEC knew they would approve these applications, just not a day before they initially intended.
Others said that the post on SEC’s X account showed that it liked two replies to the false post from random accounts, which is not considered usual from the SEC.
The crypto market reacted swiftly to the initial news, which is visible on the daily crypto chart. Bitcoin surged roughly 2.5% when the false news was made, and its price jumped from $46,729 to $47,901. However, when Gensler announced the fake news, it dropped 7% to $44,701.
If anyone has any questions regarding why we leave a note on most of our articles to verify the news first and do your due diligence before investing in cryptocurrency, in that case, the incident on 9th January is another excellent example.
United States Senators call for an investigation.
Two United States senators called for the SEC to provide a report explaining the breaching of the SEC’s X account to Congress. Senators J.D. Vance and Thom Tills wrote a letter to Gary Gensler the same day the false narrative was made public to the general public, asking him to conduct an investigation and submit his findings to Congress.
These senators said the incident raised serious concerns about the SEC’s internal cybersecurity procedures. They said that such incidents diminish the image of the regulatory authority as a protector of investors’ interest, maintaining fair, orderly, and efficient market conditions and facilitating capital formation.
The senators also expressed their view that such incidents cause widespread confusion in the market, which no one wants to see. They have asked the SEC to submit their findings before the 23rd January deadline.
Apart from expressing their concerns and asking for an explanation, the letter also reminded the SEC about submitting a report in which they had to explain how the release of such news impacted the business within four days of the incident.
It said: “If this ‘compromised’ social media post was indeed a result of a cybersecurity attack, could the Commission (SEC) provide Congress with a report on the breach within four business days? If not, please explain why.”
Vance and Thillis’ letter had joined others in asking for precise information about the incident, and many members of Congress wanted an official investigation.
U.S. Senator Bill Hagerty criticises the SEC, saying they would want an investigation if the mistake came from someone outside the agency. Hagerty stressed that Congress needs answers just like the SEC demands accountability from public companies for significant errors that affect the market.
U.S. Senator Cynthia Lumiss is also asking for openness, especially regarding what she calls fraudulent announcements. Elon Musk, who owns X and is the CEO of Tesla, used the opportunity to disagree with a previous statement on CNBC suggesting that the SEC hack happened because of a problem within X’s systems.
X’s Response to the Incident
The safety team at X came up with the answer to how the hacker managed to gain access to the SEC’s official account. The answer was surprising and, to some extent, amusing for some at the same time when they disclosed that the hacker managed to gain access to SEC’s account because they didn’t enable the two-factor authentication (2FA) of their X profile, which was the loophole the hacker exploited to gain access to SEC’s account.
Not to make fun of this revelation from the X security team, but many termed this fact as an embarrassing incident for the SEC. In a post on 10th January, the X’s safety page wrote that the SEC hack took place because the hacker managed to gain control of the phone number associated with the account and used that number to access the SEC’s official X page.
The technique that the hacker used to gain access to SEC’s account is called a swim swap hack. A SIM swap hack is a cyber-attack where a malicious actor tricks a mobile carrier into transferring a victim’s phone number to a new SIM card under their control.
The unauthorized transfer enables the hacker to intercept sensitive information, such as two-factor authentication codes sent via SMS, allowing access to the victim’s accounts.
By taking control of the phone number, the attacker can compromise email, social media, and financial accounts.
The method often involves social engineering techniques or exploiting weaknesses in the carrier’s security processes, highlighting the importance of robust identity verification measures to prevent such unauthorized SIM swaps.
The official statement from X on their social profile stated: “Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the SEC account through a third party. We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”
Blockchain investigator ZachXBT cleverly repurposed SEC Chair Gary Gensler’s earlier counsel on social media security in a witty response to the initial safety post by X.
In a friendly reminder directed at SEC Chair Gary Gensler, the message advised him to secure his financial accounts and guard against identity theft and fraud.
The recommendation included using robust passphrases or passwords, activating multifactor authentication, and enabling account alerts. It served as a simple yet crucial guide to enhance online security for the SEC chair.
SEC is seeking the FBI’s Assistance
On 10th January, the SEC disclosed that they were working with the FBI to find the source of the hack. The SEC planned to probe the tweet with the FBI and its Office of the Inspector General.
Gensler later clarified that the SEC had not endorsed Bitcoin, only the ETF products, and the SEC warned the public that any approval for a rule change regarding spot Bitcoin ETFs would be posted on its website, which was subsequently done.
