S.E.C. Social Media Hack That Sent Bitcoin Soaring Prompts Investigation
The hack of a social media account used by the Securities and Exchange Commission is prompting both internal and external investigations into how the security breach occurred and whether anyone tried to profit from it, said the commission and several legal experts.
The S.E.C. said in a statement on Wednesday that it was coordinating an investigation into the hack that occurred the prior day “with appropriate law enforcement entities, including the S.E.C.’s Office of the Inspector General and the F.B.I.”
John Reed Stark, a former S.E.C. enforcement lawyer and regulatory consultant on cybersecurity, said the commission’s inspector general would need to investigate how a hacker was able to access the S.E.C.’s official account on X — formerly Twitter — to post a false message that the commission had approved several Bitcoin investment products.
“This is, unfortunately, a glaring failure of basic cyber-hygiene,” Mr. Stark said.
He also said federal prosecutors would very likely open a separate investigation into whether the hack was part of an attempt to profit from changes in Bitcoin’s price spiking. Mr. Stark added that it did not matter whether the hackers made any money from trading during the 15 minutes or so the post was online, but whether they had the criminal intent to do so.
Daniel Hawke, a partner at the law firm Arnold & Porter and a former director of the S.E.C.’s market abuse unit, said the fake post had all the hallmarks of an attempt to “manipulate the crypto markets.”
Some in Congress also want to learn more about the hack and the S.E.C.’s diligence. The House Financial Services Committee on Wednesday afternoon sent a letter to Gary Gensler, the S.E.C.’s chair, asking for a “briefing” on the incident no later than Jan. 17.
A spokesman for the Justice Department declined to comment. A spokesman for the S.E.C.’s inspector general said, “We are currently evaluating the circumstances and reviewing the S.E.C.’s statements.”
In a post on Tuesday night, X said that the hacker had used a phone number associated with the S.E.C. account, and that the government agency did not have the two-factor authentication security feature in place to…
