The X Safety team has revealed that the United States Securities and Exchange Commission did not have two-factor authentication (2FA) enabled on its main X account, allowing a hacker to gain access to its account. 

The embarassing revelation for the SEC comes immediately following a security breach that rocked crypto markets with a false confirmation of a spot Bitcoin ETF from the SEC’s official account on the social media platform.

In a Jan. 10 post, X’s Safety page wrote that the SEC hack occurred as a result of an unidentified actor gaining control of the phone number associated with the account, and using that to gain access to SEC’s official X page. This is more commonly known as a SIM swap hack .

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” wrote X Safety.

“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”

This is a developing story, and further information will be added as it becomes available.