The
U.S.
Securities
and
Exchange
Commission
said
Friday
its
systems
and
devices
were
not
breached
by
the
party
responsible
for
tweeting
out
a
fake
bitcoin
ETF
approval
announcement
earlier
this
week.
On
Tuesday,
the
SEC’s
official
X
(formerly
Twitter)
account,
@SECgov,
tweeted
that
the
agency
had
approved
a
number
of
spot
bitcoin
exchange-traded
fund
(ETF)
applications
to
begin
trading,
a
message
that
was
ultimately
shown
to
be
faked
by
someone
who
was
able
to
gain
access
to
the
account
through
the
phone
number
associated
with
it.
On
Friday,
the
SEC
statement
provided
a
timeline
of
events
on
Tuesday,
saying
the
first
“unauthorized
post”
came
at
4:11
p.m.
ET
(21:11
UTC),
and
SEC
Chair
Gary
Gensler
published
his
clarification
15
minutes
later.
The
statement
suggested
that
SEC
staff
never
lost
access
to
the
account,
saying
they
had
deleted
the
fake
post,
un-liked
some
other
bitcoin-related
tweets
and
shared
an
update
on
the
main
SECgov
account
within
30
minutes.
“Staff
also
reached
out
to
X.com
for
assistance
in
terminating
the
unauthorized
access
to
the
@SECGov
account.
Based
on
information
currently
available,
staff
believe
that
the
unauthorized
access
to
the
account
was
terminated
between
4:40
pm
ET
and
5:30
pm
ET,”
the
statement
said.
An
SEC
spokesperson
said
on
Wednesday
that
the
FBI
was
investigating
the
issue,
adding
that
the
SEC
did
not
draft
the
message
(dispelling
rumors
that
the
fake
approval
notice
was
an
already
planned
announcement
that
was
released
prematurely).
Friday’s
statement
added
that
the
Department
of
Homeland
Security’s
Cybersecurity
and
Infrastructure
Security
Agency
(CISA)
are
also
investigating.
On
Wednesday,
the
SEC
did
approve
nearly
a
dozen
bitcoin
ETF
applications,
which
began
trading
a
day
later.
The
hack
alarmed
a
number
of
lawmakers,
who
publicly
demanded
answers
about
how
it
happened.
Senators
Ron
Wyden
(D-Ore.)
and
Cynthia
Lummis
(R-Wyo.)
published
a
letter
on
Thursday
asking
that
SEC
Inspector
General
Deborah
Jeffrey’s
office
open
an
investigation
into
the
hack
“and
the
SEC’s
apparent
failure
to
follow
cybersecurity
best
practices.”
Future
hacks
could
harm
public
markets
and
their
stability,
the
letter
said.
The
letter
followed
Senators
J.D.
Vance
(R-Ohio)
and
Thom
Tillis
(R-N.C.),
who
similarly
asked
Gensler
to
brief
their
teams
on
a
number
of
questions
around
the
hack
and
the
SEC’s
decision-making
on
bitcoin
ETFs,
including
how
the
SEC
“plans
to
rectify
any
financial
losses
borne
by
investors
as
a
result
of
the
errant
announcement.”
“The
SEC
takes
its
cybersecurity
obligations
seriously.
Commission
staff
are
still
assessing
the
impacts
of
this
incident
on
the
agency,
investors,
and
the
marketplace
but
recognize
that
those
impacts
include
concerns
about
the
security
of
the
SEC’s
social
media
accounts.
The
staff
also
will
continue
to
assess
whether
additional
remedial
measures
are
warranted,”
the
SEC’s
statement
on
Friday
said.