SEC has not yet approved spot bitcoin ETF, regulator’s X account lacked two-factor authentication

The U.S. Securities and Exchange Commission (SEC) has confirmed that it has not yet approved the listing and trading of spot bitcoin ETFs, and that a previous announcement suggesting otherwise was false.

Yesterday after 10 PM, the official X (formerly Twitter) profile of the SEC posted a tweet claiming that the regulator had approved spot bitcoin ETFs for the first time. About 15 minutes later, SEC Chairman Gary Gensler stated that the regulator had not approved the listing and trading of spot bitcoin products.

The initial ‘unauthorized announcement’ claimed that the Commission had given approval for bitcoin ETFs to be listed on U.S. exchanges, displaying a photo and a false quote from the SEC chairman.

The SEC also retracted the initial tweet, although it had already garnered millions of views at that point. The SEC stated to the media that the unauthorized tweet was not made by the SEC or its staff.

Many expected the SEC to announce a decision on the spot bitcoin ETF in the next two days after several asset managers completed some of the final filings.

Although the social media announcement was false, the SEC could still approve the spot bitcoin ETF. Neither Gensler’s statement nor the SEC’s tweet indicated that the SEC plans to approve or reject the investment instrument.

Today is the deadline for a decision on the ETF ARK Invest and 21Shares, which analysts believe could lead to simultaneous approvals for other asset managers.

Before Gensler’s statement claiming that the SEC’s X account was compromised, crypto users and the market reacted accordingly. The price of bitcoin rose by about 2.5 percent from $46,729 to $47,901 before falling by about 7 percent to $44,701. Bitcoin is currently trading below $46,000, according to CoinMarketCap.

Some on social media suggested that the information contained in the retracted SEC tweet was accurate but was released prematurely, and that the person managing the SEC’s X profile accidentally posted it instead of scheduling the tweet for a future release.

However, the security team on X discovered that the SEC had not enabled two-factor authentication (2FA) on its main X account, which allowed a hacker to gain access.

In a post, X’s security page stated that the SEC was hacked because an unidentified actor took control of the phone number associated with the account and used it to access the SEC’s official X page. This is more commonly known as a SIM swap attack.