US Securities and Exchange Commission X account hijacked

Update 11/01/2024: Just a day after it announced that its X account had been hijacked, the SEC has announced the approval of spot Bitcoin ETFs, ruling that the approval is in the best interest of the public and investors.

Both the SEC and its chair, Gary Gensler, took to the platform to clarify that the accounts had been hijacked and that posts relating to crypto were not written and posted by the SEC.

“The @SECGov twitter account was compromised, and an unauthorized tweet was posted,” wrote Gensler.

“The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”

The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.

— U.S. Securities and Exchange Commission (@SECGov) January 9, 2024

This incident comes just days after a myriad of X accounts belonging to major corporations or government officials and politicians have been hijacked to advertise crypto scams.

The tweet, which has since been deleted, said that the SEC allowed Bitcoin EFTs to be listed on security exchanges.

VIEW ALL

"Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the post.

"The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."

The post also included a fake quote from Gensler, which said "today's approval enhances market transparency and provides investors with efficient access to digital asset investments within a regulated framework.

Thanks to the SEC X accounts large audiences of almost 600,000 followers (599.6K), news spread quickly, causing Bitcoin prices to briefly spike.

However, news that the post was fake quickly normalised the price.

Just a day prior to the SEC account hijacking, the accounts of Netgear and Hyundai Middle East and Africa were compromised.

The two accounts have a combined audience of over 160,000 followers, and both impersonate different crypto applications.

Signs that Netgear’s account had been hijacked appeared on 6 January, when it began replying to tweets by BRCapp, a mobile application for bitcoin.

It also made a number of posts on the same day, pushing a deal in which the first 1,000 people to sign up would receive $100,000.

“Registration for BRC Launchpad is already open,” the post said.

“First $100,000 IDO Goes Live, don’t miss your chance.”

Instead of an easy six-figure boost, those who fell for the trap instead had their NFTs and crypto stolen.

Prior again to these two hijackings, the X account of cyber security company Mandiant was also compromised.

After taking control of the Mandiant account, the hijacker renamed the account to @phantomsolw in an effort to impersonate the Phantom crypto wallet.

Once changed, the hackers spared no time posting about a “promotion” in which wallet users could claim free $PHNTM tokens.

Those without the wallet installed, as seen by BleepingComputer, are redirected to the legitimate site to download the wallet. However, once installed, those who click the link for the promotion will have their wallets drained.

Phantom said it had blocked the link to prevent further theft and added a pop-up warning users that the wallet had been used as part of a phishing scam.

“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” said the pop-up.

“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” it said.

Despite this, it appears that the hacker still has control of the Mandiant account but has given up the ploy of a legitimate promotion and has instead moved towards trolling Mandiant.

“Sorry, change password please,” said one post.

“Check bookmarks when you get account back.”

Updated 10/01/2024 : In a widely reported statement by the SEC has elaborated on the incident, saying that it was working with law enforcement to further investigate the issue.

"The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET," wrote the SEC.

"That unauthorized access has been terminated.

"The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct."

Updated 10/01/2024 : X has issued its own statement on the incident, pointing out that the US SEC did not have two-factor authentication enabled on its account.

"We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party. We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security."

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.