The US banking regulator stated that a crucial security procedure on its X account had been disabled for six months when hackers published a fraudulent Bitcoin post in January.
Prior to the post’s deletion, the cryptocurrency’s value increased significantly.
When hackers got access to the Securities and Exchange Commission (SEC) account, no multi-factor authentication (MFA) was in place.
Cybersecurity experts believe that other agencies should take note of this.
According to Ilia Kolochenko of cybersecurity company ImmuniWeb, “all governmental agencies should review the security of their social network accounts, even though the SEC’s X account hack is a minor security incident.”
He stated that a similar situation at a body like the US Department of Defense may have much more “devastating consequences”.
“Although MFA was previously enabled on the @SECGov X account, it was disabled by X Support in July 2023 at the staff’s request due to account access issues,” the Securities and Exchange Commission (SEC) declared in a press release.
“Once access was restored, MFA was disabled until staff re-enabled it after the account was compromised on January 9.”
“At this time, MFA is available on all SEC social media accounts that support it.”
The SEC verified that the account was compromised when a fraudster persuaded a cell operator to move an SEC employee’s phone number to a new SIM.
The targeted employee’s phone number was tied to the SEC’s account for X, formerly known as Twitter.
Because MFA was suspended on the account, the hacker was able to reset the password, log in, and post.
The fraudulent post announced that the SEC had approved so-called exchange-traded funds (ETFs) for Bitcoin, which surged in value to ,000 (£37,800) before the post was removed.
Though the SEC has already verified the regulatory change, the cryptocurrency plummeted to little over 600 on Tuesday, its lowest value in 2024 thus far.
In a SIM-swapping attack, a hacker will generally call a mobile phone operator, claim to have lost the phone they are targeting, and say they require a new SIM card.
Sometimes hackers enter a store in person to carry out the scam.
MFA is designed to guard against this type of hack.