The US Securities and Exchange Commission said on Friday that its systems and equipment had not been hacked by the party that posted a fake Bitcoin ETF approval announcement on Twitter earlier this week.
On Tuesday, the SEC's official It ultimately turned out to be fake who could gain access to the account via the associated phone number. On Friday, the SEC statement provided a timeline of Tuesday's events, saying the first “unauthorized post” came at 4:11 p.m. ET (9:11 p.m. UTC) and SEC Chairman Gary Gensler released his clarification 15 minutes later.
The statement said SEC employees never lost access to the account. They said they deleted the fake post, unliked several other Bitcoin-related tweets and shared an update to the main SECgov account within 30 minutes.
“Employees also contacted X.com for assistance in stopping unauthorized access to the @SECGov account. Based on currently available information, employees believe that unauthorized access to the account was terminated between 4:40 p.m. ET and 5:30 p.m. ET,” the statement said.
An SEC spokesman said Wednesday that the FBI was investigating the matter, adding that the SEC did not write the message (dispelling rumors that the fake approval notice was a previously scheduled announcement that was released ahead of schedule became). Friday's statement added that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) was also investigating.
On Wednesday, the SEC approved nearly a dozen Bitcoin ETF applications, which began trading a day later.
The hack alarmed a number of lawmakers, who publicly demanded answers about how it happened. Senators Ron Wyden (D-Ore.) and Cynthia Lummis (R-Wyo.) released a letter Thursday calling on SEC Inspector General Deborah Jeffrey's office to open an investigation into the hack “and the SEC's apparent failure to “Follow cybersecurity best practices.”
Future hacks could harm public markets and their stability, the letter said.
The letter was addressed to Senators JD Vance (R-Ohio) and Thom Tillis (R-N.C.), who also asked Gensler to brief their teams on a number of questions surrounding the hack and the SEC's decision-making on Bitcoin ETFs information, including how the SEC “plans to recover any financial losses incurred by investors as a result of the erroneous announcement.”
“The SEC takes its cybersecurity obligations seriously. Commission staff is still assessing the impact of this incident on the agency, investors and the market, but recognizes that this impact also includes concerns about the security of the SEC's social media accounts. “Staff will continue to assess whether additional remedial action is warranted,” the SEC’s statement said Friday.