A SIM-swapping attack was behind the SEC’s fake Bitcoin post

Share via:

Photo by Amelia Holowaty Krales / The Verge

The Securities and Exchange Commission has linked a SIM swapping attack to its account breach on X earlier this month, which led to the creation of a fake post announcing approval of Bitcoin ETFs that caused the cryptocurrency’s price to spike. In an update on Monday, the SEC says an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

A SIM-swapping attack occurs when a bad actor obtains a victim’s phone number through techniques like social engineering. That allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes, which they can then use to sign in to their victim’s accounts.

In the SEC’s case, a bad actor reset the password for its X account after gaining control of the phone number linked to it. While the SEC says multifactor authentication was previously enabled on the agency’s X account, it was “disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account.” The SEC only reenabled MFA after it realized its account was compromised on January 9th, and says it has MFA active on all of its other social media accounts that have the option.

The SEC says law enforcement is still investigating how the attacker found out which phone number it was using for its X account, and how they got the mobile carrier to swap SIMs.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

A SIM-swapping attack was behind the SEC’s fake Bitcoin post

Photo by Amelia Holowaty Krales / The Verge

The Securities and Exchange Commission has linked a SIM swapping attack to its account breach on X earlier this month, which led to the creation of a fake post announcing approval of Bitcoin ETFs that caused the cryptocurrency’s price to spike. In an update on Monday, the SEC says an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

A SIM-swapping attack occurs when a bad actor obtains a victim’s phone number through techniques like social engineering. That allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes, which they can then use to sign in to their victim’s accounts.

In the SEC’s case, a bad actor reset the password for its X account after gaining control of the phone number linked to it. While the SEC says multifactor authentication was previously enabled on the agency’s X account, it was “disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account.” The SEC only reenabled MFA after it realized its account was compromised on January 9th, and says it has MFA active on all of its other social media accounts that have the option.

The SEC says law enforcement is still investigating how the attacker found out which phone number it was using for its X account, and how they got the mobile carrier to swap SIMs.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

SUGAR Fosters Ties With Unicommerce To Boost Upselling

SUMMARY The BPC startup will be utilising Unicommerce's omnichannel...

Chandigarh’s shady ’one-dish’ restaurants on Zomato: Odd names, vague...

Zomato users in Chandigarh have stumbled upon an unusual...

CoinSwitch Launches SmartInvest To Minimise Crypto Trade Risks

SUMMARY CoinSwitch has rolled out a new service called...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!