SEC Attributes ‘SIM Swap’ Attack as Cause for Unauthorised Access to X Account Before Formal Bitcoin ETF Approval

23 Jan 2024

Mitchell Nixon

The United States Securities and Exchange Commission copped a “SIM swap” attack, which resulted in the dodgy announcement from its X account on Jan. 9 that spot Bitcoin exchange-traded funds (ETFs) had got the green light.

We did an article on the fiasco here.

“Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorised party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” an SEC spokesperson stated on the 22nd of Jan. 

“Once in control of the phone number, the unauthorised party reset the password for the @SECGov account,” the SEC spokesperson added.

The SEC mentioned that law enforcement is looking into how the unauthorised party convinced the carrier to switch the SIM for the account and how they knew which phone number was linked to the SEC’s X account.

The SEC also disclosed that half a year before the attack, a staff member removed multi-factor authentication, an extra layer of security, from the account due to difficulties accessing it. This security measure wasn’t reinstated until after the Jan. 9 attack.

The SEC clarified that there’s no evidence indicating the unauthorised party gained access to other SEC systems, data, or social media accounts.

SIM swapping involves attackers taking control of a phone number by having it reassigned to a new device.

On Jan. 10, the SEC officially greenlit several spot Bitcoin ETF applications, most of which commenced trading on Jan. 11.