The U.S. Securities and Exchange Commission said the recent breach of its X account didn’t affect the agency’s other systems.
“While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts,” the SEC said in a statement.
The statement comes after someone briefly accessed the SEC account on X last week and posted a fake message, saying the agency had sanctioned exchange traded funds (ETF) for Bitcoin.
“Today the S.E.C. grants approval for Bitcoin E.T.F.s for listing on all registered national securities exchanges,” the post read. “The approved Bitcoin E.T.F.s will be subject to ongoing surveillance and compliance measures to ensure continued investor protection.”
This post caused the price of Bitcoin to shoot up to almost $48,000, before dropping below $45,000 after the S.E.C. announced the hack. The agency did approve the EFTs the next day.
SEC chair Gary Gensler posted that the agency’s account had been compromised and that the post didn’t come from the agency, but whoever hacked the account.
“The S.E.C. has not approved the listing and trading of spot bitcoin exchange-traded products,” Gensler wrote in his post on X.
An SEC spokeswoman later confirmed the hack in an emailed statement. Stephanie Allen, a spokeswoman for the agency, confirmed the hack, saying that “an unknown party” accessed the SEC account on X for a brief period.
“That unauthorized access has been terminated,” she said. “The S.E.C. will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.”
In response to the hack, US lawmakers urged the agency to investigate the incident and improve its cybersecurity measures.
Rep. Ron Wyden (D-OR) and Rep. Cynthia Lummis (R-WY) said the attacker’s success to gain access to the account is the result of “SEC’s apparent failure to follow cybersecurity best practices”.
“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” the representatives said in their letter.
Meanwhile, the SEC said it’ll work with law enforcement to get to the bottom of the attack.