“It really shows the breadth and frequency of cyberattacks,” said Kurt Gottschall,a partner at law firm Haynes Boone and former SEC regional director. “The irony here is that the SEC has not shown much sympathy to public companies and asset managers that have experienced cybersecurity incidents.”
The breach gave fodder to crypto faithful who have long viewed the commission’s chair,Gary Gensler,as an enemy due to his zeal to rein in the industry.
The irony of a cybersecurity incident befalling a regulator that’s repeatedly warned of crypto’s online vulnerabilities was not lost on critics who have spent years waiting for the SEC to approve a Bitcoin exchange-traded fund (ETF). Traders have been speculating for weeks that the agency could approve several of the products as soon as Wednesday.
In statements late on Tuesday,the regulator said that it would work with law enforcement to investigate the incident,the unauthorised access had been terminated,and that the post wasn’t made by the SEC or its staff. In a separate statement,Gensler clarified that no decision on ETFs had been made.
The social media service said in a post that “an unidentified individual” compromised the SEC’s account by acquiring control of an associated phone number. It added that the account didn’t have two-factor authentication enabled at the time of the incident. Such authentication adds an extra layer of security that’s become increasingly common as cyberattacks proliferate.
The SEC didn’t immediately respond to an emailed message sent outside regular business hours seeking comment on X’s initial assessment.