SIM Swap Attack Behind U.S. Regulator Fake Crypto Announcement

In a recent revelation, the U.S. Securities and Exchange Commission (SEC) disclosed that its official X (formerly Twitter) account fell victim to a breach on January 9. The SEC, in collaboration with various law enforcement and federal oversight entities, is investigating the incident to understand the full extent of this unauthorized access. 

In the latest update on January 22, an SEC spokesperson shared further findings: the incident was a sophisticated attack that used a SIM swap technique. Ongoing coordination with law enforcement entities, including the SEC’s Office of Inspector General, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, signals the intensity of efforts to address the breach.

Control of the SIM card allowed the hackers to take over the SEC’s phone number associated with the account and, from there, gain access to the regulator’s official X account.

The hijackers, armed with control over the SEC’s phone number, reset the account password and proceeded to disseminate a fake announcement on January 9. The deceptive post falsely claimed the SEC’s approval of the listing and trading of Bitcoin exchange-traded funds (ETFs), a claim that SEC chairman Gary Gensler revoked in a statement on his personal X account. Although the SEC eventually made a legitimate announcement on the matter the next day, the fake proclamation briefly influenced Bitcoin prices.

How SIM Swaps Work

A SIM swap attack is a scheme that enables the unauthorized transfer of a phone number to another device. It involves manipulating mobile carriers into transferring a victim’s phone number to a SIM card controlled by the attacker. Here’s a breakdown of the process:

  1. Social Engineering or Malicious Insider: Attackers often use social engineering tactics to deceive telecom employees into porting a customer’s phone number to a device under their control. In some cases, malicious insiders within telecom carriers facilitate these swaps.
  2. Unauthorized Transfer: Once successful, the attacker gains control of the victim’s phone number, a critical piece of authentication for various services, including cryptocurrency accounts.
  3. Intercepting Communications: With control over the phone number, the attacker intercepts voice calls and SMS communications intended for the victim. This includes one-time passcodes used in Multi-Factor Authentication (MFA) protocols.

Get more in-depth information about SIM swap fraud in our recent article.

The SEC clarified that the breach occurred via the telecom carrier and not through SEC systems, data, devices, or other social media accounts.

A noteworthy lapse in security emerged as it was revealed that MFA for the @SECGov X account had been disabled by X Support in July 2023 due to account access issues. This decision, despite being a deviation from best practices, played a crucial role in the success of the attack. After access was regained, MFA remained disabled until after the compromise on January 9.

The investigation into this incident delves into how the unauthorized party coerced the telecom carrier into changing the SIM for the account and how it determined the specific phone number linked to the account.

In response to the breach, senators have urged the SEC to adopt “phishing-resistant MFA,” such as authenticator apps, as an additional layer of security. The absence of MFA during the attack highlights the susceptibility of accounts, even those of government bodies, to sophisticated cyber threats.
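An added example (not from the original article or from the SEC's disclosure): a small Python audit that models the exposure described above, where control of a phone number is enough to take over an account because its reset path runs over SMS and no non-SMS second factor stands in the way. The account inventory, the field names and the rule that a reset must still pass any enabled second factor are assumptions made for illustration.

```python
"""Audit sketch: which accounts fall to someone who controls only the phone number?"""

# Constructed inventory; account names and fields are hypothetical.
# reset_via: channels that can reset the password ("sms" or "email:<account>").
# mfa: second factor required at login (None means MFA is disabled).
ACCOUNTS = {
    "agency-social":  {"reset_via": ["sms"], "mfa": None},
    "exchange":       {"reset_via": ["email:personal-email"], "mfa": "sms"},
    "work-email":     {"reset_via": ["sms"], "mfa": "totp"},
    "personal-email": {"reset_via": ["sms"], "mfa": "sms"},
    "bank":           {"reset_via": ["email:work-email"], "mfa": "security_key"},
}

# Second factors that do not survive a SIM swap. None (no MFA) is included
# because a password reset alone is then sufficient.
PHONE_BOUND = {None, "sms", "voice"}


def exposed_accounts(accounts):
    """Return {account: takeover path} for accounts reachable from the phone number.

    Assumed model: an account is exposed when a reset channel is already
    controlled (SMS, or an e-mail account that is itself exposed) and its
    second factor is absent or phone-bound. Iterates to a fixed point so
    that chains such as phone -> e-mail -> exchange are found.
    """
    exposed = {}
    changed = True
    while changed:
        changed = False
        for name, acct in accounts.items():
            if name in exposed or acct["mfa"] not in PHONE_BOUND:
                continue
            for method in acct["reset_via"]:
                if method == "sms":
                    path = ["phone number", name]
                elif method.startswith("email:") and method[6:] in exposed:
                    path = exposed[method[6:]] + [name]
                else:
                    continue
                exposed[name] = path
                changed = True
                break
    return exposed


if __name__ == "__main__":
    for account, path in sorted(exposed_accounts(ACCOUNTS).items()):
        print(f"{account}: " + " -> ".join(path))
```

In this constructed inventory, giving "agency-social" an app-based or hardware second factor removes it from the result even though its SMS reset path is unchanged.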

What to Do If You’ve Fallen Victim to a SIM Swap Fraud

In the unfortunate event of falling victim to a SIM swap attack in the cryptocurrency realm, swift and decisive action is crucial to mitigate potential losses and secure your digital assets. Follow these essential steps to navigate the aftermath:

  • Contact Service Providers: Notify your mobile carrier immediately about the SIM swap. Request them to suspend the affected number and initiate security measures.
  • Inform Cryptocurrency Platforms: Contact your cryptocurrency wallets and exchanges promptly. Inform them of the breach to secure your accounts and freeze any suspicious transactions.
  • Change Passwords: Change passwords for all your accounts, including email, cryptocurrency wallets, and exchanges. Opt for strong, unique passwords to enhance security.
  • Alert Financial Institutions: If your cryptocurrency accounts are linked to traditional bank accounts, inform your financial institutions about the breach. Implement additional security measures for these accounts.
  • Seek Professional Assistance: Engage with cybersecurity professionals or services specializing in digital asset recovery. Their expertise can aid in investigating the breach and recovering lost assets.

This incident underscores the escalating threat of SIM swap attacks, evolving beyond individual cryptocurrency wallet hijacks to impact government agencies and corporations. In response, there is a critical need for advanced security measures. Blockchain Intelligence Group, recognizing the urgency of securing digital assets, offers QLUE™, a blockchain analytics tool designed by law enforcement experts. This tool equips investigators to tackle SIM swap attackers and combat illicit activities in the cryptocurrency space.

Learn more and get access to QLUE™ to start investigating SIM swap fraud today and combat crypto fraud.

Written By: Omar Marzouk
Writer, Content marketing at Blockchain Intelligence Group

