The SEC had multifactor authentication enabled six months prior to the hack, but it was disabled by X Support following a request by an SEC staff member, the securities regulator revealed.
The United States Securities and Exchange Commission has confirmed it fell victim to a “SIM swap” attack, leading to the false X post on Jan. 9 stating that spot Bitcoin (BTC) exchange-traded funds (ETFs) had been approved.
“Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” an SEC spokesperson said on Jan. 22.
“Once in control of the phone number, the unauthorized party reset the password for the @SECGov account,” the SEC spokesperson added.