SEC Statement on the Hack of Its X Account and the Resulting Fake Bitcoin ETF Approval Announcement results negative impact 2024

The U.S. S.e.curities and Exchange Commission released this statement in response to the hack of its X account that led to a fake announcement being issued in the Securities and Exchange Commission’s name saying the regulator had a approved a spot bitcoin exchange-traded fund:

Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the Securities and Exchange Commission X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a 2nd post approximately two minutes later that said “$BTC.”

The unauthorized party subsequently deleted the 2nd post, but not the first. Using the Securities and Exchange Commission account, the unauthorized party also liked two posts by non-Securities and Exchange Commission EC accounts. While Securities and Exchange Commission staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to Securities and Exchange Commission systems, data, devices, or other social media accounts.

Upon becoming aware of the incident, staff in the Office of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the public that the @SECGov account had been compromised, an unauthorized post was made, and the Commission had not approved the listing and trading of spot bitcoin exchange-traded products.

Staff deleted the first unauthorized post on the @SECGov account, un-liked the two liked posts, and, at 4:42 pm ET, made a new post on the S.e.curities and Exchange Commission account stating that the account had been compromised. Staff also reached out to X.com for assistance in terminating the unauthorized access to the S.e.curities and Exchange Commission account.

Based on information currently available, staff believe that the unauthorized access to the account was terminated between 4:40 pm ET and 5:30 pm ET.

The Se.curities and Exchange Commission takes its cyber obligations seriously. Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the safety of the Securities and Exchange Commission social media accounts. The staff also will continue to assess whether additional remedial measures are warranted.