SEC Statement on the Hack of Its X Account and the Resulting Fake Bitcoin ETF Approval Announcement

Based mostly on present info, employees understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized social gathering gained entry to the @SECGov X.com account by acquiring management over the cellphone quantity related to the account. The unauthorized social gathering made one submit at 4:11 pm ET purporting to announce the Fee’s approval of spot bitcoin exchange-traded funds, in addition to a second submit roughly two minutes later that mentioned “$BTC.” The unauthorized social gathering subsequently deleted the second submit, however not the primary. Utilizing the @SECGov account, the unauthorized social gathering additionally preferred two posts by non-SEC accounts. Whereas SEC employees continues to be assessing the scope of the incident, there may be presently no proof that the unauthorized social gathering gained entry to SEC programs, knowledge, gadgets, or different social media accounts.

Upon changing into conscious of the incident, employees within the Workplace of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the general public that the @SECGov account had been compromised, an unauthorized submit was made, and the Fee had not accepted the itemizing and buying and selling of spot bitcoin exchange-traded merchandise. Workers deleted the primary unauthorized submit on the @SECGov account, un-liked the 2 preferred posts, and, at 4:42 pm ET, made a brand new submit on the @SECGov account stating that the account had been compromised. Workers additionally reached out to X.com for help in terminating the unauthorized entry to the @SECGov account. Based mostly on info presently obtainable, employees imagine that the unauthorized entry to the account was terminated between 4:40 pm ET and 5:30 pm ET.

The SEC takes its cybersecurity obligations critically. Fee employees are nonetheless assessing the impacts of this incident on the company, traders, and {the marketplace} however acknowledge that these impacts embody considerations in regards to the safety of the SEC’s social media accounts. The employees additionally will proceed to evaluate whether or not further remedial measures are warranted.

Workers are coordinating with applicable regulation enforcement and federal oversight entities, together with the SEC’s Workplace of Inspector Basic, the Federal Bureau of Investigation, and the Division of Homeland Safety’s Cybersecurity and Infrastructure Safety Company, amongst others, of their investigations. The company will present updates on the incident as applicable. Importantly, the Fee makes its actions public on the Fee’s web site, http://www.sec.gov. The Fee doesn’t use social media channels to make its actions public; social media posts solely amplify bulletins which are made on our web site.