A SIM-swapping attack was reportedly behind the SEC’s fake Bitcoin post. According to the SEC, a bad actor got control of the phone number associated with the agency’s X account.
SIM-Swapping Attack Behind the Fake Bitcoin Post
The SEC has linked a recent account breach on X to a SIM swapping attack, resulting in the creation of a fake post announcing Bitcoin ETF approval and causing a spike in cryptocurrency prices. In an update on Monday, the SEC revealed that an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”
What Is a SIM-Swapping Attack
A SIM-swapping attack involves a malicious actor taking control of the victim’s phone number, often through social engineering techniques. This allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes. The attacker can then use this information to gain unauthorized access to the victim’s accounts.
How SEC Was Attacked
In the SEC’s case, a malicious actor gained control of the phone number associated with its X account and used it to reset the account’s password. Multifactor authentication (MFA) had previously been enabled on the agency’s X account, but X Support disabled it in July 2023 at the staff’s request because of issues accessing the account. The SEC reenabled MFA only after discovering the account compromise on January 9th. The SEC emphasizes that MFA is active on all its other social media accounts where the option is available.
The Whole Development Is Under Investigation
Law enforcement is actively investigating how the attacker discovered the phone number linked to the SEC’s X account and how they convinced the mobile carrier to execute a SIM swap.