A SIM-Swapping Attack Was Reportedly Behind the Fake Bitcoin Post of The SEC

A SIM-swapping attack was reportedly behind the fake Bitcoin post of the SEC. According to the SEC, a bad actor reportedly got control of the phone number that is associated with the agency’s X account.

SIM-Swapping Attack Behind the Fake Bitcoin Post

The SEC has linked a recent account breach on X to a SIM swapping attack, resulting in the creation of a fake post announcing Bitcoin ETF approval and causing a spike in cryptocurrency prices. In an update on Monday, the SEC revealed that an “unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”

What Is a SIM-Swapping Attack

A SIM-swapping attack involves a malicious actor taking control of the victim’s phone number, often through social engineering techniques. This allows the attacker to intercept calls and texts intended for the victim, including two-factor authentication codes. The attacker can then use the intercepted codes and messages to gain unauthorized access to the victim’s accounts.

How SEC Was Attacked

In the SEC’s case, a malicious actor gained control of the phone number associated with its X account and used it to reset the account’s password. Multifactor authentication (MFA) had previously been enabled on the agency’s X account, but X Support disabled it in July 2023, as per staff request, due to issues accessing the account. The SEC only re-enabled MFA after the account compromise was discovered on January 9th. The SEC emphasizes that MFA is active on all its other social media accounts where the option is available.

The Whole Development Is Under Investigation

Law enforcement is actively investigating how the attacker discovered the phone number linked to the SEC’s X account and how they convinced the mobile carrier to execute a SIM swap.


