SEC bitcoin hack was result of SIM-swapping

A cyberattack against the US Securities and Exchange Commission (SEC) that resulted in misinformation being posted on the financial regulator’s social media channels was the result of a SIM-swapping attack, it has emerged.

The ******* came to light on Monday 9 January when the SEC’s X account briefly appeared to confirm that the regulator had approved the creation of US-listed exchange-traded funds (ETFs) for the bitcoin cryptocurrency.

The SEC has since officially [link removed] in a landmark moment for crypto assets. However, in jumping the gun, its attackers caused significant fluctuations in the market before the post was removed and the SEC retook control of the hijacked account.

In the intervening fortnight, the SEC has been working with law enforcement and other bodies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice (DoJ) and its own internal enforcement teams.

In an update, an SEC spokesperson confirmed that the hackers obtained control of the mobile phone number linked to the compromised X account via SIM-swapping.

“Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorised party gained access to SEC systems, data, devices, or other social media accounts,” said the spokesperson.

“Once in control of the phone number, the unauthorised party reset the password for the @SECGov account. Among other things, law enforcement is currently investigating how the unauthorised party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account. 

“While multifactor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was re-established, MFA remained disabled until staff re-enabled it after the account was compromised on 9 January. MFA currently is enabled for all SEC social media accounts that offer it,” they added.

What is SIM-swapping?

A successful SIM swap occurs when a threat actor is able to convince the mobile network operator (MNO) to switch the victim’s mobile number to a new device.

This is generally achieved through phishing against the victim to obtain data such as personally identifiable information (PII), credentials and answers to security questions (mother’s maiden name, make and model of first car, and so on).

They can then contact the MNO and register a new SIM card to the victim’s account, taking it over and gaining access to any call or SMS data, or accounts that may be linked to the victim’s phone number.

Because many online accounts, from banking to social media, rely on mobile authentication to retrieve or reset their credentials, the attackers can then take complete control of their victim’s digital life, emptying bank accounts or co-opting their social media.

Unfortunately, all too often, the victim will be unaware they have been targeted until their mobile device suddenly stops being able to send or receive calls or texts, at which point it is too late.

Ordinary people can take steps to safeguard themselves against this attack vector. Historically, the most effective method has been held to be utilising MFA across key accounts – though even this is not infallible, particularly if it relies on SMS one-time passcodes. More effective is to use authenticator apps from the likes of [link removed] or [link removed]. Most effective is not to link a mobile phone number to online accounts if it can be avoided.

In the SEC’s case, the attack appears to have been limited to pranking or trolling crypto enthusiasts, but nevertheless, manipulating financial markets in this way is illegal, and if the culprits are caught and found to be in the US – or a country with which the US shares an extradition treaty – they can expect stiff penalties.

Ilia Kolochenko, a cybersecurity educator and founder and chief executive of [link removed], said the incident could have been a lot worse.

“While the SEC’s X account hack is a minor security incident, all governmental agencies should review the security of their social network accounts,” he said.

“A breach of the SEC account can cause market volatility for a short time, however, a message on X by the US Department of Defense announcing war or a nuclear strike could trigger unpredictable and devastating consequences globally.”
