Securities and Exchange Commission (SEC) Chair Gary Gensler is facing bipartisan political backlash after the agency’s social media account was hacked last week and falsely claimed it had approved several highly anticipated bitcoin investment funds.
While the SEC ultimately approved the exchange-traded funds (ETFs) holding bitcoin about 24 hours later, the high-profile blunder for the agency puts Gensler in a tough spot as an already unpopular figure in the cryptocurrency world and among Republican lawmakers.
And some Democrats who have been generally pleased with Gensler are joining calls for investigations.
“Mainly, it was embarrassing for the SEC,” Ian Katz, managing director at research consultancy Capital Alpha Partners, told The Hill.
“It’s given ammunition to Gensler’s enemies and his opponents and people in Congress who don’t like him to begin with,” he added.
The SEC revealed last Tuesday afternoon that its account on X, formerly known as Twitter, had been hacked after it appeared to approve the spot bitcoin ETFs. The agency deleted the post after about 30 minutes and replaced it with a disavowal.
“The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products,” the agency said.
The incident quickly prompted calls from Republican lawmakers for the SEC to provide an explanation for the breach.
“Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened,” Sen. Bill Hagerty (R-Tenn.), a member of the Senate Banking Committee, said in a post on X. “This is unacceptable.”
Sens. JD Vance (R-Ohio) and Thom Tillis (R-N.C.) sent a letter to Gensler in the aftermath requesting information about the incident, noting the impact of the false announcement on the price of bitcoin.
The price of bitcoin briefly surged on the news, jumping to nearly $48,000, before falling to less than $46,000.
“These developments raise serious concerns regarding the Commission’s internal cybersecurity procedures and are antithetical to the Commission’s tripart mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation,” Vance and Tillis wrote.
The agency drew further scrutiny after X said a “preliminary investigation” found the hack was not due to a breach of the social media company’s systems but rather “an unidentified individual obtaining control over a phone number” associated with the account.
The social media company also said the SEC’s account did not have two-factor authentication enabled at the time of the hack.
Several Republican members of the House Financial Services Committee slammed the agency’s apparent lack of security measures in a letter to Gensler on Wednesday.
“This failure is unacceptable, and it is disturbing that your agency could not even meet the standard you require of private industry,” they wrote.
The criticisms of the SEC’s cybersecurity practices come as the agency recently enacted a rule requiring public companies to disclose significant cyber incidents that could affect investor decisions within four business days.
The rule has drawn stiff opposition from congressional Republicans, who are pushing to overturn the requirement using the Congressional Review Act.
However, the cyber disclosure rule is just one of many recent rulemaking and enforcement efforts by the agency under Gensler that have drawn Republican ire.
GOP lawmakers have also accused the SEC of overreach with its proposed climate disclosure rule and have repeatedly criticized what they view as Gensler’s heavy-handed approach to crypto regulation.
While Gensler has often faced Republican criticism, concern over the breach of the SEC’s account took on a bipartisan flavor when Sens. Ron Wyden (D-Ore.) and Cynthia Lummis (R-Wyo.) called on the SEC inspector general to probe the incident.
“Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices,” Wyden and Lummis wrote.
In a statement, Gensler noted there is “currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts,” while also acknowledging the security concerns raised by the hack.
“The SEC takes its cybersecurity obligations seriously,” Gensler said.
Ron Hammond, director of government relations with the crypto industry group Blockchain Association, said the spotlight on the recent ETF decision “looped in a lot more folks from the traditional side” of finance and gave them “their first taste of what it’s like to be on the crypto side.”
“This was almost just like another week in crypto, just given the craziness that has occurred in this industry and the intersection of DC politics for the past at least two or three years probably, if not longer,” Hammond told The Hill.
Amid the chaos and criticism over the breach, the SEC ultimately approved the 11 spot bitcoin ETFs that were the subject of the hacked posts. The decision, which crypto supporters touted as a “historic outcome,” represents the first time that the agency has permitted the trading of funds directly invested in crypto assets.
The SEC previously rejected all applications for such funds. The agency’s shift on the issue comes after the U.S. Court of Appeals for the District of Columbia ruled in August that it improperly rejected an application for a spot bitcoin ETF from Grayscale Investments.
Gensler appeared less than enthusiastic in his statement about the approvals, describing it as “the most sustainable path forward” given the court’s decision. He also emphasized that the SEC’s approvals were confined to ETFs holding bitcoin.
“It should in no way signal the Commission’s willingness to approve listing standards for crypto asset securities,” Gensler said.
Katz suggested the hack was even more embarrassing for the agency because the SEC chair “didn’t really want to do these approvals anyway.”
Hammond added that Gensler and the agency are “definitely not in a good space” at the moment following the hack.
“We’ll see what happens through the letters and hearings and investigation of the FBI, but they’re not in a good spot at the SEC right now,” he said.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
