The Incident: False Bitcoin Spot ETF Approval
On January 9th, a tweet from the Securities and Exchange Commission’s (SEC) official account falsely announced the approval of Bitcoin Spot ETFs. It later emerged that this was a result of a hacking incident. The SEC has now confirmed that their account fell victim to a “SIM-Swap” attack, a sophisticated method used by cybercriminals to gain control of a victim’s phone number and associated services.
Understanding the SIM-Swap Attack
The SEC explained that someone took over their phone number linked to their Twitter account by using a SIM-Swap attack. In this kind of attack, the hacker fools the phone company into moving the victim’s phone number to a SIM card they have. This lets the hacker get past security steps like two-factor authentication (2FA).
SEC’s Lapse in Security
The SEC shared that part of the problem was their own mistake. Six months ago, an employee turned off the two-factor authentication (2FA) on the Twitter account because of access problems. They only turned it back on after the incident on January 9th. This gap in security made the account much easier to hack.
Market Impact of the False Announcement
The wrong news caused a big and quick reaction in the market. The incorrect report about the Bitcoin Spot ETF being approved made Bitcoin’s price fall by 5%. This led to about $90 million being liquidated. This event shows how much effect false information can have on financial markets.
SEC’s Action Post-Incident
After the hack, the SEC promptly implemented measures to address the issue. On the day after the event, they authorized the pending Spot ETFs, which have proven to be effective up to this point.
This occurrence acts as a clear indication of the significance of cybersecurity, particularly in critical financial settings. The SEC’s encounter with this SIM-Swap attack emphasizes the necessity for strong security measures to avert similar occurrences in the times ahead.
