The Securities and Exchange Commission (SEC) reports that a “SIM swap” attack was responsible for the hack on its X account earlier this month.
On January 9, the official @SECGov account was compromised and misused to post a false approval for the listing and trading of spot Bitcoin exchange-traded products. The fake announcement came shortly before the SEC granted the genuine approval, and it momentarily caused Bitcoin’s price to surge.
Following the incident, the SEC, in collaboration with its telecommunications carrier, concluded that an unauthorized individual gained control of the phone number linked to the SEC’s account through a SIM swap attack. The perpetrator managed to transfer the phone number to another device, thereby enabling them to reset the password and take over the account.
The SEC clarified that the access was obtained via the telecommunications provider, not through any breach of its systems, data, or other social media accounts. Nevertheless, the SEC acknowledged that it had asked X to disable multi-factor authentication on the account back in July 2023 due to problems accessing it.