Twitter Safety Claims SEC Account Did Not Enable 2FA

On Tuesday, the account of the US Securities and Exchange Commission (SEC) on Twitter posted a false announcement of approval of 13 spot Bitcoin exchange-traded funds (ETFs).

There were claims that Twitter was to blame for the fraudulent tweet, but the social media company has pushed back at these claims.

Twitter’s response

Twitter’s Safety team conducted a preliminary investigation into the SEC’s compromised account and said that X’s systems had not been breached.

Instead, it said that an unidentified individual had obtained control, via a third party, of a phone number associated with the SEC's account.

Twitter Safety also disclosed in its tweet that the SEC account did not have two-factor authentication (2FA) enabled when the hack occurred.

Gary Gensler, the chairman of the SEC, had previously recommended this security measure as protection against fraud and identity theft.

The Safety team stated that they encourage all users to take advantage of this security measure to protect their accounts.

The world had been waiting to see if the SEC would approve a spot Bitcoin ETF. On Tuesday afternoon, the compromised SEC Twitter account claimed that the approvals had gone through.

The price of Bitcoin had been trading at a two-year high of $47,680, but it tumbled down to $45,500.


Once the fraudulent tweet had been removed, the SEC chairman clarified that pending Bitcoin ETFs had not been approved.

Gensler said that their Twitter account had been compromised and that the agency had not approved the listing and trading of any of the spot ETFs under consideration.

The SEC had confirmed late on Tuesday that its Twitter account had experienced ‘unauthorized access and activity’.

It also revealed that the individual who was responsible for the unauthorized access had been terminated.

More details

The regulator issued a statement in which it said that it would cooperate with law enforcement and its partners across the government to investigate the matter.

The securities regulator asserted that it would then determine the next steps regarding the unauthorized access as well as any other misconduct.

While no additional specifics were shared by X regarding its findings, someone on the site said that SIM jacking or SIM swapping may have been used by the attacker.

In this attack, a hacker tricks a mobile provider into transferring the victim's phone number to a SIM card the hacker controls.

This gives the hacker access to the messages, phone calls, and potentially online accounts of the victim. A SIM jacking attack last January compromised the Twitter account of trading platform Robinhood.

The hacker had then promoted an NFT scam and fake token. Some suggested that an employee of the SEC may have fallen victim to social engineering.

This is a psychological attack aimed at deceiving individuals into revealing confidential information.