While Bitcoin enthusiasts celebrate the stunning success of a newly approved group of exchange-traded funds this week, the FBI continues to search for an unidentified hacker who posted a counterfeit tweet about the ETFs that caused confusion and chaos in the markets.
Since the Bitcoin ETF approval date of January 10, the exchange-traded funds have generated more than $50 billion in inflows and pushed Bitcoin’s value above $72,000, an all-time high, The Wall Street Journal reported. But a bogus X (formerly known as Twitter) post, which falsely announced that the ETFs had been approved Jan. 9, took the cryptocurrency market on a wild ride that has some worrying about the security of social media platforms.
“I’m concerned that unauthorized access to SEC accounts could undermine our markets and the agency’s mission,” Senate Banking Chair Sherrod Brown (D-Ohio) said in a statement. Brown called on the SEC’s Inspector General to investigate. At least eight additional members of congress on both sides of the aisle made public statements raising questions about the breach and calling for action.
For months leading up to the hack, approval of the spot Bitcoin ETFs had been hotly anticipated by the cryptocurrency market. The vehicles would allow investors to buy Bitcoin for the first time through a brokerage account without direct ownership of assets.
Prior to the approvals, the only way to gain exposure to Bitcoin’s price fluctuations involved buying the assets directly from a crypto exchange or purchasing futures contracts tied to its price. Both came with more fees and regulatory burdens than spot ETFs. Part of their staggering popularity can be attributed to the lowering of those barriers to entry, which enable retail investors to trade in Bitcoin like any other stock.
On the afternoon of Jan. 9, a message announcing the SEC had approved all pending applications for bitcoin spot ETFs appeared in a post on the SEC’s X account alongside a picture of Commission Chair Gary Gensler.
Less than 20 minutes later, the post was taken down. The SEC confirmed the hack and announced that the ETFs had not been approved.
Immediately after the bogus post, Bitcoin prices spiked from $46,800 to $47,680 then dropped to $45,400, according to Coindesk data.
The ride may have been short-lived and quickly forgotten after the SEC granted genuine approvals for 11 ETFs the next day. But the price drop triggered margin calls for investors holding leveraged positions, and in the end, $86 million in Bitcoin positions were liquidated, Coindesk reported.
Forced liquidations occur when traders fail to come up with the additional funds needed to keep their trades open after a sudden price drop. In many cases, that means traders lose the cash deposits they put up as collateral to open the trades.
Those kinds of losses underscore the concerns of some who worry that relying on social media for market news invites hackers to use disinformation for fraud. In the age of legacy media, a national television network signal being highjacked or a fabricated article being planted in major newspaper without editors noticing were virtually unheard of.
Today, because fake news such as the bogus X post can move markets in predictable directions, hackers or their confederates can take long and short positions timed to capitalize on those swings at the expense of investors caught unaware.
There is no evidence that such trades were made in the case of the Jan. 9 hack, but Rep. Sean Casten (D-Ill.), told Politico that Bitcoin action on that day “stinks to high heaven” of market manipulation.
Most of the questions and criticism by members of Congress over the security breach were directed at Gensler.
“This failure is unacceptable, and it is disturbing that your agency could not even meet the standard that you require of private industry,” House Committee on Financial Services Chairman Patrick McHenry said in a letter to Gensler. The letter was signed by three additional senior committee members, all Republicans.
McHenry was referring to the findings of X’s preliminary internal investigation into the hack, which faulted the SEC for ignoring elementary security protocols, such as enabling two-factor authentication before allowing user access to the account.
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual gaining control over a phone number associated with the @SECGov account through a third party,” the X Safety account tweeted.
Gensler has not commented publicly on how the breach happened or what responsibility the SEC should bear. He did, however, issue a warning against letting the Regulator’s approval of the spot-ETFs lead to irrational exuberance.
“We did not approve or endorse Bitcoin,” Gensler said in a statement. Investors should remain cautious about the myriad risks associated with bitcoin and products whose value is tied to crypto.”
If you suspect your business has been hacked or want to know the best way to prevent and respond to information security breaches, contact Ziliak Law’s Data Privacy Team.
If you want to explore opportunities in cryptocurrency, contact our Blockchain team.
Article by Kevin Lynch