{"id":23646,"date":"2024-01-13T12:28:22","date_gmt":"2024-01-13T20:28:22","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17376\/"},"modified":"2024-01-13T12:28:22","modified_gmt":"2024-01-13T20:28:22","slug":"news-17376","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17376\/","title":{"rendered":"SEC X account hacked to hawk crypto-scams"},"content":{"rendered":"\n

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs).<\/p>\n

The latest victim in this line-up is the Securities and Exchange Commission (SEC).<\/p>\n

\n
\n
\n

The @SECGov<\/a> X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.<\/p>\n

— U.S. Securities and Exchange Commission (@SECGov) January 9, 2024<\/a><\/p><\/blockquote><\/div>\n<\/figure>\n

The\u00a0unauthorized post (which was removed within 30 minutes) looked like this:<\/p>\n

\"The<\/figure>\n

The post says:<\/p>\n

\n

“Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges.<\/p>\n

The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection.\u201d<\/p>\n<\/blockquote>\n

The hack appears to have been designed to take advantage of anticipation around an imminent annoncement by US regulators about Bitcoin Exchange Traded Funds (ETFs). ETFs are financial products that allow investors to buy commodities like gold or Bitcoin as if they are shares. A spot Bitcoin ETF will buy the cryptocurrency directly, “on the spot”, at its current price, throughout the day. The approval would mark a key milestone for the cryptocurrency market in gaining acceptance to mainstream financial markets. <\/p>\n

Even though the false tweet only had a short life-span it caused a $2,000 spike in Bitcoin exchanges rates. Someone knowing this was going to happen could have made a significant profit.<\/p>\n

In a statement the SEC said:<\/p>\n

\n

“That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.”<\/p>\n<\/blockquote>\n

Based on a preliminary probe, X confirmed that the SEC account had been compromised and it found that it was not due to a breach of the social media platform’s systems.<\/p>\n

According to X, an unidentified individual was able to obtain control over a phone number associated with the @SECGov account through a third party. This would suggest the compromise was the result of a SIM swapping<\/a> attack, where an attacker takes control of a phone number by convincing a mobile carrier to transfer the victim\u2019s phone number to a SIM card they own.<\/p>\n

With this control they can intercept messages, two-factor authentication (2FA) codes, and eventually reset passwords of the account the number has control over. Although apparently the SEC did not have 2FA enabled for its X account!<\/p>\n

Secure your X account<\/h3>\n

Although any form of 2FA is better than none, all forms of 2FA are not equally secure. SMS-based 2FA is vulnerable to SIM swapping and if you can avoid it, we suggest you do. X offers other options like an authentication app and a security key.<\/p>\n

To change your 2FA factor in X click on More<\/strong><\/p>\n

\"The<\/figure>\n

Select Settings and Support<\/strong> > Settings and Privacy<\/strong> > Security and Account access<\/strong><\/p>\n

\"Settings