The Securities and Exchange Commission had not set up basic security features on its X account – which was used to send out a fake tweet about Bitcoin.

The US finance watchdog is in charge of regulating investments and what it says can dramatically move the price of stocks and shares – or crypto.

On Tuesday the agency’s X account was used by a hacker to post a fake tweet that momentarily drove up the price of bitcoin.

X has distanced itself from the incident, claiming the SEC account did not have ‘two-factor authentication’ set up.

Two-factor authentication is an increasingly common way to protect online accounts. It works by requiring the account holder to verify their identity on a separate device to the one on which they are trying to log on.

Elon Musk-owned social media platform X, formerly Twitter , has claimed none of its own security systems failed and blamed the SEC’s poor security. Musk himself has been involved in spats with the SEC in the past

SEC chair Gary Gensler (pictured) published his own tweet just 15 minutes after the false one saying its official X account had been ‘compromised’

X has distanced itself from the incident, claiming the SEC account did not have ‘two-factor authentication’ set up and that a hacker was able to gain control of the phone number linked to the SEC account

The false tweet was published by the SEC’s official X account and said the agency had approved spot bitcoin exchange-traded funds (ETFs).

Many bitcoin investors have been eagerly awaiting the SEC approval because it will likely result in an influx of investment into bitcoin-related assets, thereby driving up its value.

In response to the fake tweet the price of bitcoin spiked to above $48,000.

Fifteen minutes after it was published, the chair of the SEC, Gary Gensler, posted a tweet from his own account saying the agency’s X account had been ‘compromised’. Bitcoin then fell back down to around $46,000.

The episode was hugely embarrassing for the SEC, a federal agency which is meant to protect investors against unfair manipulation of financial markets.

Elon Musk-owned social media platform X, formerly Twitter, has claimed none of its own security systems failed.

‘Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,’ read a tweet from one its accounts, posted on Tuesday evening.

The fake tweet (pictured) was published at 4.11pm on Tuesday and came from the SEC’s official account

Bitcoin then fell back down to around $46,000 after the chair of the SEC, Gary Gensler, posted a tweet from his own account saying the agency’s X account had been ‘compromised’

‘We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised. We encourage all users to enable this extra layer of security,’ it added.

Musk himself has been involved in spats with the SEC in the past, most famously over its claims that he manipulated the value of Tesla stock by tweeting in 2018 that he would take Tesla private at $420 per share.

After the incident on Tuesday he criticized CNBC, which reported shortly after news of the false tweet spread that ‘X was hacked’.

‘That’s how the legacy media runs,’ he tweeted in response to a post suggesting the statement was false and that X itself was not hacked.

Additional backlash has come from US Senators J.D. Vance and Thom Tillis, who sent a public letter to Gensler seeking an explanation for the ‘unacceptable’ security breach.
‘These developments raise serious concerns regarding the Commission’s internal cybersecurity procedures and are antithetical to the Commission’s tripart mission to protect investors, maintain fair, orderly and efficient markets, and facilitate capital formation,’ it read.