Official SEC’s X account compromised, leading to Bitcoin chaos

Justyna Obara
Cybersecurity Content Writer

One fake tweet, a significant increase in the price of Bitcoin.

On January 9, 2024, Gary Gensler, the U.S. Securities and Exchange Commission chair, announced that the SEC’s official X account — @SecGOV — was compromised. As we now know, a hacker gained control over a phone number associated with the X account and took over @SecGOV. The “infamous” fake tweet claimed that Bitcoin ETFs had been approved, leading to a frenzy in the cryptocurrency market and causing many X users to question the social platform's security.

Let’s discuss what happened and how you can prevent the “SEC Bitcoin scenario” from happening to your business.

What do we know so far about the “SEC Bitcoin incident”?

According to Reuters, the false tweet stated that the SEC had approved Exchange-Traded Funds (ETFs) to hold Bitcoin and was deleted 30 minutes after publication. ETFs are investment funds that track the performance of a specific index, commodity, or basket of assets; Bitcoin Exchange-Traded Funds would allow investors to buy and share the cryptocurrency without directly owning it.

The securities regulator’s approval was highly anticipated and led to the Bitcoin price reaching nearly $48,000 (for comparison, on January 17, the cryptocurrency value was less than $42,500).

According to X, an unidentified individual gained control over a phone number associated with the SEC’s X account through a third party. At the time of the breach, the account was not secured with two-factor authentication, a security measure that probably would have prevented the breach.

Although the X safety team denied the “SEC Bitcoin incident” had anything to do with the social media platform's vulnerabilities, the breach fuels doubts about the security systems of X.

Take online security into your own hands

Business safety measures should be audited and updated as often as possible to keep pace with constantly evolving cyber threats. The SEC’s security team may have fallen short in this regard, but let’s learn from their mistake and discuss ways you can protect your company and personal X accounts.

1. Always use multi-factor authentication

The takeover of the SEC’s X account was possible because its multi-factor authentication (MFA) was not activated. MFA is an additional layer of security for your online accounts: a safety measure that requires two or more factors of authentication to access an account. It employs a variety of factors to authenticate the user, such as biometrics, geolocation, or one-time passwords (OTPs), making the online account much more difficult to compromise.

Obviously, the more layers of security you set, the harder it is to break in. This is especially important in a business environment where different people often share access to one account or juggle apps and other working tools.

2. Choose a password manager that makes cybersecurity easy

We tend to think that cybercrime is based on advanced technology, but an awful lot of data breaches happen due to weak passwords or leaked credentials. That’s why building your company’s defense system should always start with an advanced password manager — a tool that allows you to generate, store, share, and autofill all the company’s passwords, credit card numbers, and other critical information.

When choosing the password manager for your business, it’s essential to consider one more factor on top of the necessary safety measures: its convenience. A user-friendly security tool like NordPass can quickly become part of the organization’s daily work, ensuring that all the company’s accounts are safe and sound.

3. Switch to passkeys

Passwords can be guessed, stolen, leaked, or reset. If you genuinely care about the company’s or your personal safety, you should forget passwords altogether and switch to passkeys.

Passkeys combine biometric verification, such as a user’s fingerprint or facial recognition, with cryptographic keys. This not only makes passkeys more convenient, but also establishes them as a more secure authentication method. Although X does not support passkeys at the moment, the company is believed to be rolling out this functionality in the near future.

If you deal with cryptocurrency and want to know how to keep it safe and sound, read our blog on protecting your digital assets.
