A fabricated announcement that appeared on the Securities and Exchange Commission’s X account on Tuesday afternoon jolted Bitcoin prices upward and downward, and left the agency that polices market fraud facing public scrutiny over its own defenses. The post, which claimed the SEC had approved spot Bitcoin exchange-traded funds, originated from an account that lacked basic protections the SEC routinely demands from the companies it oversees.
At 4:11 p.m. Eastern time the @SECGov profile issued a single sentence: “Grayscale Bitcoin Trust and ten additional spot Bitcoin ETFs receive formal authorization.” Within sixty seconds the statement traveled across algorithmic feeds, private chat rooms and trading terminals. Bitcoin leaped from $46,735 to $47,863 on spot exchanges.
At 4:26 p.m. SEC Chair Gary Gensler wrote from his personal X account: “The @SECGov account suffered compromise. No ETF approval has been granted.” At 4:42 p.m. the agency removed the original post and labeled it “unauthorized.” Bitcoin slid to $45,120.
The price swing erased roughly ninety billion dollars in market capitalization in less than one hour.
X Safety posted a technical summary at 9:03 p.m. An unidentified party seized control of a voice-over-IP number linked to the @SECGov profile through a carrier that resells telephone lines. The attacker reset the account password via SMS and posted the false statement. The SEC had disabled two-factor authentication for the profile, a safeguard that requires a second credential beyond the password.
John Reed Stark, who founded the SEC Office of Internet Enforcement in 1998 and now advises corporations on cyber defense, called the lapse “textbook hypocrisy.” Stark noted that the SEC’s 2023 examination priorities letter warns broker-dealers and investment advisers of enforcement action when social media controls fall short. “They fine firms for missing a quarterly risk assessment, yet their own premier channel had no second factor,” he said.
In October the SEC filed civil charges against SolarWinds Corporation and its chief information security officer, alleging that internal presentations understated known vulnerabilities before Russian intelligence breached the software vendor and harvested data from federal agencies. The SEC now confronts a mirror-image scenario: its own communication channel served as the attack vector.
Senators J.D. Vance and Thom Tillis dispatched a two-page letter to Chair Gensler within three hours of the incident. “The credibility of the deepest capital market on Earth rests on competent stewardship,” the letter stated. “An agency that mandates cyber hygiene must exemplify it.” The senators requested a timeline of the intrusion, a copy of the SEC’s incident response plan, and the date on which multi-factor authentication last protected the @SECGov profile.
The SEC press office issued a four-sentence statement at 10:14 p.m. The agency pledged cooperation with the Federal Bureau of Investigation, the Department of Homeland Security, and the multi-agency Cyber Unified Coordination Group. No spokesperson agreed to an on-record interview.
Tuesday’s event revived memories of prior SEC breaches. On August 22, 2017, the commission revealed that attackers penetrated its EDGAR filing system in 2016 and extracted non-public earnings from corporate issuers. The SEC filed suit in 2019 against a Ukrainian hacker and six traders who allegedly netted more than four million dollars in illicit profits.
CloudSEK, a threat intelligence firm, reported on January 5 that dark web marketplaces listed more than four hundred compromised “gold check” business accounts for sale. Prices ranged from two hundred to two thousand dollars, depending on follower count. Government “grey check” accounts commanded higher premiums, though fewer circulated.
The SEC’s X profile carried a grey checkmark and 3.4 million followers at the time of the intrusion. Screenshots posted to Breach Forums on Tuesday evening displayed a user auctioning “@SECGov access” for five bitcoin, approximately two hundred and fifteen thousand dollars. The post vanished within minutes.
Bitcoin traders proved especially susceptible to the false announcement. Derivatives markets recorded one hundred and twenty million dollars in liquidations during the spike and collapse. A trader who operates under the alias “Kronos” and manages a twenty-million-dollar fund described the reaction: “No filings on EDGAR, no press release, no Gensler quote – just a tweet. Half the desks hit buy anyway.”
Stark warned that cryptocurrency markets remain fertile ground for rumor-based manipulation. “Equity investors parse 10-Ks, earnings calls, supplier data. Crypto traders react to memes,” he said. “When the regulator’s own channel emits noise, the signal disappears.”
The SEC’s October 2023 tweet – “Careful what you read on the internet. The best source of information about the SEC is the SEC” – now appears beneath a community note that reads: “On January 9, 2024, the SEC’s X account posted false ETF approval news. Verify statements through sec.gov.”
Security researchers traced the telephone number hijack to a reseller that provides voice-over-IP lines to federal agencies through a General Services Administration contract. The carrier, which operates under the name FirstComm, acknowledged “an isolated incident affecting one federal client” and stated that it “disabled the offending user account.” The SEC has not confirmed the carrier’s identity.
Federal agencies must comply with Homeland Security Presidential Directive 12, which mandates two-factor authentication for privileged accounts. The SEC’s Office of Inspector General listed “incomplete implementation of multifactor authentication” as a management challenge in a November 2023 report. The report noted that twenty-three percent of the agency’s privileged accounts lacked the safeguard.
The @SECGov profile resumed tweeting at 11:05 a.m. Wednesday with routine enforcement actions. The agency has not posted details of the intrusion. A person familiar with the investigation said the SEC’s Office of Information Technology has until January 16 to brief the five commissioners.
Stark summarized the episode in plain terms: “A regulator that demands layered defenses left its own front door unlocked. Markets noticed.”