For some time, social media accounts were regarded as being of relatively low value to hackers and likely not worth the attention of advanced attackers. That has changed for a number of reasons, not the least of which has been the use of high-profile Twitter or X accounts to run crypto scams. A variation of this tactic took place ahead of the SEC’s Bitcoin ETF decision, with hackers making a fake announcement a day early that may have been intended to artificially pump coin prices.
Early Bitcoin ETF announcement posted by unknown hackers
The SEC’s policy is to first announce major decisions (like the Bitcoin ETF news) via a media statement, press release or its own website, before follow-up “convenience posts” are made on social media. This was apparently not well-known enough, however, as the hackers leveraged access to the SEC X account to lure major crypto exchanges (and even major news outlets) into signal-boosting the fake news.
The platform formerly known as Twitter now has a long history of drawing crypto scammers, who apply a wide range of tactics on the site: creating “lookalike” accounts for public figures, spamming post comments with links, and even purchasing malicious ads. The more advanced criminal groups have repeatedly found ways to take over celebrity accounts, and in most cases have used them to link to one fake crypto offering or another.
In fact, the Bitcoin ETF incident is part of a small wave of crypto-related account takeovers that has been going on since late last year. Some cybersecurity firms have found themselves targeted, with even Mandiant temporarily losing control of its account to start 2024.
It isn’t yet known exactly how the hackers broke into the SEC’s account, but X’s corporate safety team was quick to release a statement indicating that a phone number associated with the account was compromised and that two-factor authentication had not been enabled. That would point to SIM swapping, something that would shift most of the blame to the phone carrier rather than X.
High-profile X accounts increasingly requiring secure MFA
The Bitcoin ETF scheme took advantage of an anticipated announcement from the SEC, one that was eventually made the next day. A set of 11 firms has been given permission to offer “spot bitcoin” products, or bitcoin in an investment wrapper that doesn’t require the investor to actually purchase crypto themselves. There was a lot of speculation about what would happen to bitcoin prices if approval was given, with experts divided in their opinions; what ended up happening was a very significant spike following the fake announcement from the X account, and then a much smaller increase the following day when the real announcement was made.
The surge from the fake announcement self-corrected fairly quickly, even taking the price of bitcoin down by about 3% when all was said and done. That was in part due to a quick response by the SEC, with chair Gary Gensler using his own X account to refute the Bitcoin ETF announcement about 15 minutes after it was posted.
While the incident did relatively little lasting damage and will probably soon be forgotten, the key takeaway is that high-profile social media accounts must absolutely be protected with a secure measure of MFA. Codes sent by email or SMS remain vulnerable to SIM swaps, meaning something like an authenticator app or hardware key is a much better choice.