Sens. Wyden and Lummis demand investigation into SEC's false post on X about spot bitcoin ETFs
Quick Take
- Sens. Ron Wyden, D-Ore. and Cynthia Lummis, R-Wyo., asked SEC Inspector General Deborah J. Jeffrey to open an investigation into what happened when the SEC’s X account was compromised.
- Axios first reported the news on Friday.
Senate Finance Committee Chair Sen. Ron Wyden, D-Ore., and Sen. Cynthia Lummis, R-Wyo., are calling for an investigation into what caused the SEC's X account to be compromised earlier this week.
The two asked SEC Inspector General Deborah J. Jeffrey on Thursday to open an investigation into what happened as well as the "SEC’s apparent failure to follow cybersecurity best practices." Axios first reported the news on Friday.
A phony post went out to the SEC's hundreds of thousands of followers on Tuesday that said the agency had granted approval for the listing of spot bitcoin ETFs, which was not the case at the time. After that post on Tuesday, Chair Gary Gensler quickly posted from his personal account that the SEC's X account had been compromised, and on Wednesday the agency officially approved spot bitcoin ETFs.
X confirmed in a post that the SEC's X account was compromised, as someone obtained control over a phone number associated with the account. The platform's security team noted that the SEC did not set up two-factor authentication for its account when it was compromised.
If X's statement is correct, the SEC's social media accounts should have been kept safe using industry best practices, Wyden and Lummis said.
"Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity," the senators said.
The SEC has said it is working with the SEC's Office of the Inspector General and FBI to figure out what went wrong, and a spokesperson said earlier that the agency will provide updates as appropriate.
Past warnings
"Management of the SEC has received ample warning of the dangers of poor cybersecurity practices from your office," Wyden and Lummis said, citing a few past reports.
A report from the SEC's inspector general's office in December found that "the SEC’s information security program and practices were not effective," and said though the agency had made progress, other fixes needed to be made.
"Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation," Lummis and Wyden said. "We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed."
Wyden and Lummis said they want an update on the investigation and the SEC's remediation by Feb. 12.
Other lawmakers have also looked to the SEC for answers over the past few days. House Republicans demanded a briefing from the agency and others criticized the SEC's handling of the compromised post.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
