US officials charged a man with compromising the official Twitter/X account of the Securities and Exchange Commission for purposes of posting false information that caused the price of bitcoin to spike.
The January attack, federal prosecutors said, started with a SIM-swap, a form of fraud that takes control of a cell phone number by assuming the identity of the person the number belongs to. The attacker then uses the false identity to induce an employee of the cellular carrier to move the phone number off the current Subscriber Identity Module card, a small chip that connects a device to a specific carrier account. Then, the attacker has the number transferred to a new SIM card, usually under the pretense that the fraudulent account holder has just obtained a new device.
Not the SEC announcement you think it is
The number at issue in the SIM swap, an indictment unsealed on Thursday said, was used to provide two-factor authentication for the SEC X account, which authorized commission personnel to post official communications. One of the people connected to the conspiracy then used the 2FA code to compromise the X account to tweet false information that caused the price of a single bitcoin to increase by $1,000.