“Multi-factor authentication has been disabled since last summer.”
On the 22nd, a spokesperson for the U.S. Securities and Exchange Commission (SEC) provided new details regarding the false postings made on X about the Bitcoin (BTC) spot ETF.
The SEC says multi-factor authentication for the X account was disabled from last summer until after the fake posting.
By way of background, the SEC's account was hijacked on the 10th, Japan time, and used to post false information that a Bitcoin spot ETF had been approved, even though no approval had been granted at that point.
Previously, it was revealed that the unauthorized access was achieved through a SIM swap technique, and that the SEC had not enabled “multi-factor authentication.”
The SEC explains that the takeover was not the result of a breach of SEC systems, but rather that someone fraudulently manipulated the phone number associated with the X account (@SECGov).
An SEC spokesperson said the following:
Multi-factor authentication (MFA) was previously enabled on the SEC’s X account (@SECGov), but was disabled in July 2023 at the request of SEC staff due to issues accessing the account.
By disabling MFA, staff can now access the account. However, the account was later hacked on January 9th, US time. Following the hack, SEC staff re-enabled MFA, but the company says it has remained disabled for some time.
What is a Bitcoin ETF?
An exchange-traded fund (ETF) that includes Bitcoin among its investments. An investment trust is a financial product that pools money from investors into a single fund and invests it in stocks, bonds, etc. The investment results are distributed in proportion to each investor’s investment amount. Among investment trusts, ETFs are listed on stock exchanges, so they can be bought and sold like stocks.
FBI and others are investigating
The SEC spokesperson added that the SEC is currently enabling multi-factor authentication on all social media accounts that support it.
A “SIM swap” attack transfers someone’s phone number to another device without their permission.
The spokesperson also said that access to the phone number associated with the account was obtained through the carrier and not through a break-in to the SEC’s systems.
Additionally, law enforcement agencies such as the FBI are currently investigating how the perpetrator of the fraudulent post got the carrier to change the SIM for the account, and how they learned the phone number associated with the SEC account.