The SEC says it is committed to the security of its systems and is continuing to investigate the hack of its official account on X.
The US securities regulator, the SEC, has released a statement regarding the hack of its X (formerly Twitter) account on Tuesday, falsely claiming that it had already approved all Bitcoin spot ETFs.
Although the SEC authorized the listing of these investment products one day after, on January 10, the post that took place on Tuesday from his account on the social platform was made by an unauthorized party, who managed to briefly gain access and control of said account.
During this brief access, the unauthorized party not only posted a message stating that all Bitcoin spot ETFs had been approved, but also posted a second tweet, which mentioned Bitcoin, “$BTC,” and liked two other cryptocurrency-related posts.
The SEC noted that none of these messages or actions were authorized.
In the statement, it also said there was no evidence that the unauthorized party had gained access to the securities regulator's systems, data, devices or other social media accounts.
The message reading “$BTC,” which was posted from the SEC’s official account on X, was deleted by the same unauthorized party, the regulator’s chairman, Gary Gensler, explained. He also indicated that after realizing that the account on X had been compromised, SEC staff reached out to the social platform for assistance in terminating unauthorized access to the account.
“Staff removed the first unauthorized post on the @SECGov account, unliked the two “liked” posts, and at 4:42 p.m. ET made a new post on the @SECGov account indicating that the account had been compromised.”, Gensler said in the statement.
Is the SEC evading its responsibility?
The Securities and Exchange Commission says it is investigating, with the relevant authorities, the incident that occurred with its account at X, to determine the impact of the false publication and, if warranted, the application of additional corrective measures.
However, in the statement, the securities regulator recalled that posts made on social media “only amplify announcements made on our website” and that the announcement related to Bitcoin ETFs on Tuesday had not been published on the Commission’s website.
“It is important to note that the Commission makes its actions public on the Commission’s website, http://www.sec.gov. The Commission does not use social media channels to make its actions public.”Gensler said.
The SEC’s announcement on Bitcoin ETFs was not published on the regulator’s website until Wednesday, January 10, when Gensler shared a statement announcing the approval of these investment vehicles.
“Today, the Commission has approved the listing and trading of a number of bitcoin spot exchange-traded product (ETP) shares”, reads in the release.
Although the SEC had rejected several dozen similar requests in the past, it recently noted that market circumstances had changed, citing the injunction issued by the Court of Appeals in August in the case with Grayscale Investments. According to Gensler, the injunction forced the SEC to discuss the approval of Bitcoin ETFs in more detail, which it ultimately chose as the “most sustainable” path.
About cybersecurity
In the recent statement made by the SEC, the agency also assured that it is committed to cybersecurity and the protection of all its systems. However, lawmakers do not agree with these statements and are therefore asking the SEC Inspector General to open an investigation into the hacking of the SEC account on X.
Wyoming Senator Cynthia Lummis and Oregon Senator Ron Wyden sent a letter to Inspector General Deborah J. Jeffrey, asking for an investigation into the incident, due to the regulator's failure to adhere to cybersecurity practices and the impact of the false posting about Bitcoin ETFs that day.
As reported by this media, the company that provides security services and tools to X, Safety, published a report indicating that the hacking of the SEC account was not due to a vulnerability in its platform, but rather to a phone number linked to regulator's account was compromised as the account itself did not have two-factor authentication (2FA) enabled, an essential security mechanism to increase security and mitigate the risk of unauthorized account access.
Continue reading: The first real estate contract with Bitcoin is signed in Argentina
