Hackers seize control of SEC’s X account to promote crypto

A small toy figure is seen on representations of the Bitcoin virtual currency in this illustration picture. Photo: Reuters

Published Jan 10, 2024

The Securities and Exchange Commission said on Tuesday an “unknown party” had hacked its official account on the social media platform X to promote bitcoin, the latest of multiple hacks used to push cryptocurrencies.

The account @SECGov posted on the platform, formerly known as Twitter, that the agency had approved bitcoin exchange-traded funds for listing on national exchanges.

The posting occurred shortly after 4 pm and attracted millions of views before the SEC wrested control back and declared that the earlier statement was false. By that time, the initial post had been reported by some media outlets.

SEC chair Gary Gensler later posted on X that the agency’s “account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”

His post followed an SEC statement that the hacker had taken control for a brief period.

“The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct,” said spokesperson Stephanie Allen.

Bitcoin backers have repeatedly asked the SEC for permission to list such funds, since they would give investors a more regulated way to participate in the crypto markets.

The false post briefly drove a spike in bitcoin prices, so that anyone with knowledge of the scam could have reaped a major profit.

The hijack was also notable because the account was not only a source for official news but one branded by X with a silver check mark, meaning that it had been verified as a prominent and important government account.

It is unclear whether such accounts include special security arrangements, but it would be surprising if the SEC account did not include at least a minimal form of two-factor authentication.

The hack follows those of smaller government accounts and of some accounts with gold checks, which are given to private organizations, over the past few weeks.

Since those accounts are also likely to have two-factor authentication, some security experts believe the spate of hijacks suggests a broad vulnerability or new technique is in play. X did not respond to an email seeking comment.

THE WASHINGTON POST