SEC Hacking Incident Sparks Demands for Cybersecurity Investigation

The commission appears to have failed to use multi-factor authentication.

US lawmakers are demanding an evaluation of the Securities and Exchange Commission's (SEC) cybersecurity measures following the recent breach of the agency's X account, which led to a false post announcing the approval of bitcoin exchange-traded funds (ETFs) and caused a price spike.

The SEC confirmed the unauthorized access to its X (formerly Twitter) account, leading to the dissemination of misleading information about the approval of Bitcoin ETFs.

U.S. Securities and Exchange Commission (SEC) chairman Gary Gensler attends a meeting of the Financial Stability Oversight Council at the U.S. Department of Treasury on December 14, 2023, in Washington, DC. Drew Angerer/Getty Images

While the SEC did approve the first US-listed Bitcoin ETFs on Wednesday, the earlier false announcement on X led to a sudden rise in Bitcoin's price to around $48,000 before quickly dropping to below $45,000.

SEC Failed to Use MFA

Reacting to the hacking incident, Democratic Senator Ron Wyden of Oregon and Republican Senator Cynthia Lummis from Wyoming wrote a letter to the SEC calling for an investigation into the issue. They warned that the SEC appears to have not followed best cybersecurity practices like multi-factor authentication (MFA).

"We urge you to investigate the agency's practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed," the lawmakers said, as quoted by Reuters.

The commission, already working with law enforcement to investigate the hack, revealed that its X account was compromised by an "unknown individual" who gained control over a phone number associated with the agency's account.

Notably, X discovered that the commission was not using two-factor authentication at the time of the breach, according to a report from The Guardian.

Two-factor authentication is a security measure that requires users to provide a passcode and a special key sent via email or over the phone before they can access their online account.

SEC OKs Rule on Bitcoin ETFs

The SEC approved rule changes to enable the creation of bitcoin ETFs in the US, a development that allows mainstream investors to gain exposure to bitcoin through regulated channels.

The landmark decision is expected to lead to the conversion of existing funds, such as the Grayscale Bitcoin Trust, into ETFs and the launch of competing funds by major issuers like BlackRock and Fidelity.

The SEC has long been averse to allowing an investment fund in Bitcoin, dismissing all applications filed over the years to create exchange-traded funds based on it.

SEC Chair Gary Gensler highlighted that the latest approval relates to ETPs holding Bitcoin, a non-security commodity. He made it clear that the decision to approve or disapprove listing standards for crypto asset securities should not be viewed as an effort on their part to satisfy the SEC's requirements in this regard.

"Nor does the approval signal anything about the Commission's views as to the status of other crypto assets under the federal securities laws or about the current state of non-compliance of certain crypto asset market participants with the federal securities laws," he said in a statement, per CNBC.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.