Open Editor’s Digest for free
Rula Khalaf, editor of the Financial Times, picks her favorite stories in this weekly newsletter.
A false post appeared on the US Securities and Exchange Commission’s official social media page
A widely shared post on January 9 that the SEC had given the green light to the first Bitcoin exchange-traded funds sent the cryptocurrency sector into a frenzy. The agency quickly disavowed the matter, announcing its good faith approval the next day.
The Securities and Exchange Commission said Monday that it had determined that an unauthorized party deployed apparent “SIM swapping,” which involves transferring a mobile phone number to a different device without the owner’s permission. The password for the SEC account on X was then changed.
The SEC said the transfer of the number occurred through the telecommunications company and not through the agency’s systems. The regulatory body added that it found no evidence that the hacker had access to its systems, devices, data or other social media accounts.
The agency also revealed that X in July disabled multi-factor authentication at the request of the SEC “due to account access issues.” The measure was reinstated after the page was hacked and has been enabled for all SEC social media accounts that provide such authentication, the regulator said.
The incident was embarrassing for the agency after its head, Gary Gensler, made cybersecurity a pillar of his agenda and adopted rules requiring companies to be more vigilant about cyber risks.
Although the hack was not serious by cyber standards, since it did not affect the SEC’s own systems, analysts found that the lack of two-factor authentication, which X first revealed, was an easily avoidable mistake. “We encourage all users to enable this additional layer of security,” X said on the day of the incident.
The fake post came as Wall Street was anxiously awaiting SEC clearance for the release of the first bitcoin ETFs, which enable ordinary investors to hold the cryptocurrency in their brokerage accounts. Gensler expressed doubts about cryptocurrencies, calling the markets the “Wild West.”
Gensler has taken a tough enforcement stance against cryptocurrencies and argued that many digital tokens are securities that fall directly under the agency’s jurisdiction. The Securities and Exchange Commission already regulates ETFs.
On the day of the hack, Gensler posted on his
The regulator said Monday it was still coordinating with law enforcement as well as federal agencies including the FBI, the Department of Homeland Security and the Commodity Futures Trading Commission. According to the SEC, the focus of the investigation includes how the hacker got the carrier to change the SIM card and how they became aware of the account number.