US regulator acknowledges breach in cyber-security before to rogue Bitcoin post

When hackers posted a bogus post regarding Bitcoin in January, the United States Financial Regulator acknowledged that a vital security process on its X account had been banned for six months.

The value of the cryptocurrency skyrocketed before the post was removed from the website.

At the time that hackers were able to get access to the account, the Securities and Exchange Commission (SEC) did not have multi-factor authentication (MFA) in place.

The specialists in cyber security believe that it ought to serve as a wake-up call for other organizations.

Ilia Kolochenko, a representative from the cybersecurity company ImmuniWeb, stated that even if the hacking of the SEC’s X account is a relatively modest security event, all government organizations should carefully examine the safety of their social network accounts.

Specifically, he brought up the fact that a comparable situation at an organization like the United States Department of Defense may have more “devastating consequences.”

According to a statement released by the SEC, multi-factor authentication (MFA) had been activated on the @SECGov X account in the past; however, it was removed by X Support in July 2023 at the request of the staff; this was due to difficulties in accessing the account.

After access was restored, multi-factor authentication (MFA) remained blocked until the staff re-enabled it on January 9, which was the day after the account was compromised.

At this time, multi-factor authentication (MFA) is enabled for any social media accounts that provide it.

Attack with a switch of Sims

The SEC has verified that a fraudster tricked a cell provider into switching an SEC employee’s number to a new SIM card, allowing the account to be hacked.

The targeted employee’s phone number was linked to the SEC’s account for X, the defunct Twitter platform.

The hacker was able to change the password, log in, and publish since MFA had been suspended on the account.

It stated that the SEC had authorized Bitcoin exchange-traded funds (ETFs). Before the article was removed, the price of Bitcoin skyrocketed to $48,000 (£37,800).

Even if the SEC later verified the regulation shift, the cryptocurrency dropped to a little over $38,600 on Tuesday—its lowest point since 2024.

Thoughts on exchange-traded funds (ETFs) for cryptocurrency enthusiasts: what are they?
When conducting a SIM-swapping attack, a hacker will usually contact a mobile phone provider and say they need a new SIM card supplied to them because they misplaced the phone they are trying to access.

Occasionally, the hackers would physically enter the establishment to complete the scam.

The purpose of MFA is to defend against this type of attack.

It may take many different forms, such as texting someone, albeit that method is seen as less secure, or using a specific app that provides you with a PIN code for a website.

A person who has obtained access to the user’s phone number will receive the text message in place of them if the verification method they select is to receive a text message verifying they are the user.

Experts thus suggest using specialized software for verification in its place.