The US financial regulator has confirmed a key security procedure on its X account had been suspended for six months when hackers made a fake post about Bitcoin in January.
The cryptocurrency surged in value before the post was deleted.
The Securities and Exchange Commission (SEC) did not have multi-factor authentication (MFA) in place when hackers gained access to the account.
Cyber-security experts say it should be a wake-up call for other agencies.
"While the SEC's X account hack is a minor security incident, all governmental agencies should review the security of their social network accounts," said Ilia Kolochenko from cyber-firm ImmuniWeb.
He pointed out that a similar incident at a body such as the US Department of Defense could have more "devastating consequences".
"While MFA had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff's request, in July 2023 due to issues accessing the account," the SEC said in a statement.
"Once access was re-established, MFA remained disabled until staff re-enabled it after the account was compromised on January 9.
"MFA currently is enabled for all SEC social media accounts that offer it."