Hacker Seized SEC Phone Number to Post Fake Bitcoin ETF Approval, X Says

The Securities and Exchange Commission (SEC) did not employ basic security measures on its X (formerly Twitter) account when it was “compromised” to spread false bitcoin ETF news, according to the social media company.

Late Tuesday, X’s Safety team said it had completed its “preliminary investigation” into the SEC’s market-moving, false post on approval of bitcoin ETF applications, which the regulator blamed on its “compromised” account.

“The compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” X’s Safety account posted.

The explanation seemingly rules out an “inside job” or “fat finger” theory of the midday post. Bitcoin (BTC) price pumped on the post, but quickly crashed after SEC Chair Gary Gensler clarified that the post was phony.

The incident raises new questions about basic security measures being taken by the SEC, the most powerful investment regulator in the U.S. and one whose statements are closely watched and traded on. Gensler himself has previously encouraged investors to take their security seriously.

U.S. senators J.D. Vance and Thom Tillis have sent a letter to the SEC demanding an explanation of its lapse in cybersecurity.

“It is unacceptable that the agency entrusted with regulating the epicenter of the world’s capital markets would make such a colossal error,” they wrote.

“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security,” X posted.

For full coverage of bitcoin ETFs, click here.

An SEC spokesperson did not immediately return a request for comment on the statement.

UPDATE (Jan. 10, 05:54 UTC): Adds details on the response letter sent to SEC by U.S. lawmakers.