On Friday, the Security and Exchange Commission (SEC) Chair Gary Gensler released an official statement concerning the false Bitcoin ETFs approval tweet on SEC’s X account.
According to Gensler’s official statement, the U.S. Securities and Exchange Commission (SEC) experienced a significant cybersecurity breach on January 9, 2024. The statement declared that an unauthorized entity gained access to the SEC’s official X.com (formerly Twitter) account, @SECGov, by commandeering the phone number linked to the account. The statement revealed a timeline of events on Tuesday, stating that at approximately 4:11 pm ET, the intruder posted a false announcement declaring the SEC’s approval of spot bitcoin exchange-traded funds (ETFs). This unauthorized post was swiftly followed by a second cryptic post reading “$BTC,” which the intruder later deleted.
SEC’s immediate actions and public clarification
Furthermore, the official statement has clarified that SEC staff, upon detecting the breach, acted promptly to mitigate the impact.
It is essential to know that by 4:26 pm ET, an official clarification was issued from Chair Gary Gensler’s @garygensler X.com account, stating that the @SECGov account had been compromised and that no such approval had been issued. The first unauthorized post was removed, and the two liked posts were un-liked. By 4:42 pm ET, the SEC had posted a new statement on the @SECGov account confirming the compromise. Efforts to terminate the unauthorized access were successful between 4:40 pm ET and 5:30 pm ET in collaboration with X.com.
Ensuring security and ongoing investigations
Gensler’s latest statement on Friday assured the public that the SEC takes its cybersecurity responsibilities seriously and is currently assessing the full scope of the incident. While there is no indication of a breach of SEC systems, data, or devices, the agency recognizes the gravity of the security concerns raised, the statement added.
The SEC is actively coordinating with law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. These investigations aim to understand how the breach occurred and to prevent future incidents. It is important to note that official SEC actions are made public on the Commission’s website and not through social media, which is used solely to amplify website announcements.
This security breach has raised alarms among lawmakers, prompting calls for a thorough investigation. Senators Ron Wyden and Cynthia Lummis have requested an inquiry into the hack and the SEC’s cybersecurity practices.