The US Securities and Exchange Commission (SEC) has confirmed that its X account was compromised to send out unauthorized tweets.
The agency is currently deliberating on whether to allow Bitcoin Exchange Traded Funds (ETFs), but a tweet from its official X account suggested that it had now approved them.
A spokesperson from the SEC clarified to CoinDesk that its “@SECGov X/Twitter account has been compromised,” adding that, “the unauthorized tweet regarding Bitcoin ETFs was not made by the SEC or its staff.”
No 2FA
In a further statement, the SEC also said it “will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.”
SEC Chair Gary Gensler also issued a statement on his own X account, confirming, “the SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”
Another spokesperson also told CoinDesk that decisions of this nature would not be announced via X, but rather on its official website and published in the Federal Register.
The safety team at X also tweeted explaining that there was no issue on its end; rather, an “unidentified individual” had managed to gain control of a phone number associated with the @SECGov account.
Two-factor authentication (2FA) means that if hackers manage to obtain your username and password for one of your accounts, they will still not be able to gain access without the 2FA code to authenticate.
In response to the original fake tweet approving bitcoin ETFs, the cryptocurrency rose to $48,000, then swiftly dropped by 6% when the tweet was confirmed false.
“This proves that accounts on X continue to be targeted and if an official account is compromised then serious consequences can follow. Cryptocurrency scams remain the focal point and with social pressure on X, they can still reap huge gains,” Jake Moore, Global Cybersecurity Advisor at ESET, told Pro.
“Legitimate third party access compromise or targeted social engineering are still the most common ways to obtain access to an account which leaves the security onus very much on individuals. Therefore, even more significance should be directed at training staff and account owners especially when dealing with high profile accounts.”