SEC Press Release Regarding Unauthorized Access to X Account and False Bitcoin ETF Approval Announcement
The U.S. Securities and Exchange Commission (SEC) issued a statement in response to the recent hack of its X account, which resulted in a false announcement being made regarding the approval of a spot bitcoin exchange-traded fund (ETF). The SEC confirmed that on Tuesday, January 9, 2024, at approximately 4:00 pm ET, an unauthorized party gained access to the @SECGov X.com account by taking control of the associated phone number.
During this unauthorized access, the hacker made a post at 4:11 pm ET falsely proclaiming the Commission’s approval of spot bitcoin ETFs. Another post was made two minutes later, simply stating “$BTC.” Although the second post was subsequently deleted, the first post remained visible. Additionally, the unauthorized party liked two posts made by non-SEC accounts. However, there is currently no evidence to suggest that the hacker obtained access to SEC systems, data, devices, or other social media accounts.
Upon discovering the incident, the SEC’s Office of Public Affairs acted swiftly. At 4:26 pm ET, a post was made on the official @garygensler X.com account, notifying the public about the compromise of the @SECGov account and clarifying that the Commission had not approved the listing and trading of spot bitcoin ETFs. The first unauthorized post was deleted, and the two liked posts were un-liked. A subsequent post on the @SECGov account at 4:42 pm ET acknowledged the compromise and sought assistance from X.com to terminate the unauthorized access. Based on the available information, it is believed that the unauthorized access was terminated between 4:40 pm ET and 5:30 pm ET.
The SEC has emphasized its commitment to cybersecurity and is currently assessing the implications of this incident on the agency, investors, and the market. Concerns over the security of the SEC’s social media accounts have been recognized, and further remedial actions will be considered as necessary.
Collaboration with relevant law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, is underway to investigate the incident. The SEC will provide updates on the progress of these investigations. It is pertinent to note that the Commission makes its actions public exclusively via its official website (http://www.sec.gov) and does not rely on social media channels for such announcements, as social media posts are solely meant to amplify official statements issued on the website.