For many years, the cryptocurrency industry has waited with bated breath for the U.S. Securities and Exchange Commission (SEC) to approve Bitcoin ETFs. On Wednesday, the SEC finally granted this wish, announcing the approval for “a number of spot bitcoin exchange-traded product (ETP) shares.”
But this was not before a hacker had the first laugh.
Tuesday afternoon, a day prior, the official X account of the SEC was hacked, and a false announcement was released, declaring the approval of Bitcoin ETFs.
In the brief period before this false tweet was deleted and debunked by the SEC, the cryptocurrency industry celebrated this momentous decision. The markets even reflected this excitement, as Bitcoin spiked to a price of $48,000 following the release of the fraudulent tweet.
The excitement was quickly snuffed out, however, when the post was taken down and SEC Chair Gary Gensler said that the announcement had been the result of an unidentified hacker taking control of the SEC’s official X account for a short period.
Following this event, the SEC is currently investigating the incident alongside law enforcement to discover the person or persons behind the hack, and the purpose behind it.
According to Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, “The hacker could have been someone who wanted to profit on the temporary BTC pricing jump on the fake news, simply a crypto enthusiast trying to make a point, or it could have been a more thoughtful protest attack. The attacker seemed to want to intentionally embarrass the SEC.”
He explained that the SEC had certainly taken their time approving the Bitcoin spot ETF, “often citing potential easy illegal market manipulation and cybersecurity concerns as their reasons behind either turning down the ETF application or its slow approval. The hacker then created the ultimate irony and embarrassment by taking over the SEC’s Twitter account and then using it to illegally manipulate the market.”
There is also the question of how exactly this hacker gained access to the account of an organization that, for all intents and purposes, sets the standard for cybersecurity organizations across the country. Unfortunately, it turns out that the X account did not have two-factor authentication (2FA) enabled when the hack occurred, as X Safety announced in a tweet Tuesday night.
While the official approval for Bitcoin ETFs came only a day after the account compromise, the hack caused a significant level of uproar and will likely not be forgotten for some time.
“While this incident appears to be contained, it demonstrates the impact of compromised social media accounts, particularly when such a highly influential entity is involved,” commented Darren James, a Senior Product Manager at Specops Software, an Outpost24 company.
“By all appearances, the unauthorized message was flagged almost immediately, which prevented broader fallout. But with the investment community awaiting the agency’s announcement regarding Bitcoin, millions of dollars could have potentially been transacted on fraudulent information.”
Considering the influential nature of the SEC within the cybersecurity industry, this bout of misinformation, for whatever purpose, shows how important it is for organizations to maintain a strong and robust security posture, especially ahead of global shifts in industry, money, and politics.