Hacker Seized SEC Phone Number to Post Fake Bitcoin ETF Approval, X Says

The revelation raises questions about the investments regulator's security protocols.

AccessTimeIconJan 10, 2024 at 4:32 a.m. UTC
Updated Mar 8, 2024 at 7:35 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The Securities and Exchange Commission (SEC) did not employ basic security measures on its X (formerly Twitter) account when it was “compromised” to spread false bitcoin ETF news, according to the social media company.

Late Tuesday, X’s Safety team said it had completed its “preliminary investigation” into the SEC’s market-moving, false post on approval of bitcoin ETF applications, which the regulator blamed on its “compromised” account.

“The compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” X’s Safety account posted.

The explanation seemingly rules out an “inside job” or “fat finger” theory of the midday post. Bitcoin (BTC) price pumped on the post, but quickly crashed after SEC Chair Gary Gensler clarified that the post was phony.

The incident raises new questions about basic security measures being taken by the SEC, the most powerful investment regulator in the U.S. and one whose statements are closely watched and traded on. Gensler himself has previously encouraged investors to take their security seriously.

U.S. senators J.D. Vance and Thom Tillis have sent a letter to the SEC demanding an explanation of its lapse in cybersecurity.

“It is unacceptable that the agency entrusted with regulating the epicenter of the world’s capital markets would make such a colossal error,” they wrote.

“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security,” X posted.

For full coverage of bitcoin ETFs, click here.

An SEC spokesperson did not immediately return a request for comment on the statement.

UPDATE (Jan. 10, 05:54 UTC): Adds details on the response letter sent to SEC by U.S. lawmakers.

Edited by Nikhilesh De.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Danny Nelson

Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about