US Financial Regulator Confirms Major Security Lapse in Bitcoin-Related Hack
ICARO Media Group
In a troubling revelation, the US Securities and Exchange Commission (SEC) has confirmed that a key security procedure was suspended for six months when hackers gained access to its X account. The incident occurred in January when the hackers posted a fake announcement about Bitcoin, causing the cryptocurrency's value to surge before the post was deleted.
The security breach occurred because the SEC did not have multi-factor authentication (MFA) in place for its X account, giving the hackers an opportunity to exploit the vulnerability. Cybersecurity experts are now urging other governmental agencies to reevaluate the security of their social network accounts.
The SEC issued a statement explaining that although MFA had been previously enabled on the @SECGov X account, it was later disabled in July 2023 due to difficulties accessing the account. Unfortunately, MFA remained disabled until after the account was compromised on January 9. The statement also assured that MFA is now enabled for all SEC social media accounts that offer it.
The SEC confirmed that the account was compromised through a scam known as "SIM swapping," where the fraudsters convinced a mobile operator to transfer an SEC employee's phone number to a new SIM card. The targeted employee had their phone number associated with the SEC's X account, allowing the hacker to reset the password, gain access, and make the fraudulent Bitcoin announcement.
Following the post, Bitcoin experienced a sharp surge in value, reaching $48,000 (£37,800) before the announcement was withdrawn. While the SEC has subsequently confirmed the regulatory change for Bitcoin, the value of the cryptocurrency has dropped, currently standing at just over $38,600 as of Tuesday, marking its lowest value in 2024 thus far.
A SIM-swapping attack typically involves hackers contacting a mobile phone operator, pretending to have lost the targeted phone, and requesting a new SIM card. Sometimes, the hackers even visit the store in person to carry out the con. MFA, which was not in place at the time of the breach, is meant to safeguard against such hacking methods. MFA can take various forms, including a dedicated app that generates a PIN code for website verification or a code sent by text message, although the latter is considered less secure because whoever controls the phone number also receives the text.
It is hoped that this incident will serve as a wake-up call to address the shortage of cybersecurity staff and bolster the security measures implemented by governmental entities. Meanwhile, three councils have stated that they are working with the National Cyber Security Centre after experiencing similar attacks.
Market players are now eagerly awaiting an upcoming announcement by US regulators regarding new Bitcoin investment instruments, which is expected to provide further clarity and guidance for the cryptocurrency industry.