The US Securities and Exchange Commission (SEC) said no other systems at the agency were compromised during the brief hack of its X account earlier this week.
"While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts," the SEC said in a fresh statement released Friday.
The statement also provided more details into the timeline of what happened.
An unauthorized third party had hacked into the SEC’s social media account on January 9th, posting a fake message purportedly from SEC chair Gary Gensler regarding the ‘false approval’ of a new bitcoin EFT at exactly 4:11 p.m. ET.
The hacker then broadcast a second post two minutes later that said “$BTC,” which they eventually deleted, the SEC stated.
At 4:26 p.m. staff in the Office of Public Affairs alerting the public that the @SECGov account had been compromised, and was able to deleted the unauthorized post by 4:42 p.m.
Additionally, the unknown party liked two posts by non-SEC accounts, but the agency did not name those accounts and was able to un-like the posts at the time.
The SEC, enlisting the help of X, was able to boot the hacker out of the account sometime between 4:40 p.m. and 5:30 p.m., it said.
The fictitious post caused a jump in the price of bitcoin, resulting in a trading boon for crypto investors savvy enough to take advantage of the windfall.
Insiders say some traders may have netted billions in profits from the snafu, which could take months to decipher on the blockchain, and that the SEC will likely have to investigate itself for market manipulation.
The SEC – which did not have its two-factor authentication activated on its X security settings – revealed an “unidentified individual” was able to breach the account by taking control of a phone number associated with it.
The entire ordeal has triggered multiple government oversight probes, including the FBI, House Financial Committee, the SEC Inspector General, and now the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The SEC statement also reminded readers that the Commission does not use social media channels to make its actions public; only to amplify announcements made on the SEC website.
The Commission wound up approving the spot bitcoin exchange-traded funds the following day.
More from Cybernews:
Subscribe to our newsletter