A SIM-swapping attack was behind the SEC’s fake Bitcoin post

Share via:

Photo by Amelia Holowaty Krales / The Verge

The Securities and Exchange Commission has linked a SIM swapping attack to its account breach on X earlier this month, which led to the creation of a fake post announcing approval of Bitcoin ETFs that caused the cryptocurrency’s price to spike. In an update on Monday, the SEC says an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

A SIM-swapping attack occurs when a bad actor obtains a victim’s phone number through techniques like social engineering. That allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes, which they can then use to sign in to their victim’s accounts.

In the SEC’s case, a bad actor reset the password for its X account after gaining control of the phone number linked to it. While the SEC says multifactor authentication was previously enabled on the agency’s X account, it was “disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account.” The SEC only reenabled MFA after it realized its account was compromised on January 9th, and says it has MFA active on all of its other social media accounts that have the option.

The SEC says law enforcement is still investigating how the attacker found out which phone number it was using for its X account, and how they got the mobile carrier to swap SIMs.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

A SIM-swapping attack was behind the SEC’s fake Bitcoin post

Photo by Amelia Holowaty Krales / The Verge

The Securities and Exchange Commission has linked a SIM swapping attack to its account breach on X earlier this month, which led to the creation of a fake post announcing approval of Bitcoin ETFs that caused the cryptocurrency’s price to spike. In an update on Monday, the SEC says an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

A SIM-swapping attack occurs when a bad actor obtains a victim’s phone number through techniques like social engineering. That allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes, which they can then use to sign in to their victim’s accounts.

In the SEC’s case, a bad actor reset the password for its X account after gaining control of the phone number linked to it. While the SEC says multifactor authentication was previously enabled on the agency’s X account, it was “disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account.” The SEC only reenabled MFA after it realized its account was compromised on January 9th, and says it has MFA active on all of its other social media accounts that have the option.

The SEC says law enforcement is still investigating how the attacker found out which phone number it was using for its X account, and how they got the mobile carrier to swap SIMs.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Socium doubles down on Francophone Africa after $5M seed...

Demand for HR-tech solutions in Africa is growing,...

Accel, Flipkart To Rake In 5X Returns

SUMMARY Flipkart, which held a 13.2% stake, or 2.1...

Govt To Extend Import Authorisation Regime Till 2025: MeitY...

SUMMARY MeitY Secretary S Krishnan said that the Ministry...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!