Analysis
The Union of Hacking and Market Manipulation
As markets transitioned to electronic systems, a family of manipulation emerged, putting hacking and cybersecurity at the heart of the crime. In this month’s analysis, we’ll examine hacking’s role in market manipulation by reviewing ongoing cases, including trading account hacks, hacking for insider information, hacking social media as part of a pump-and-dump scheme, and controlling swarms of compromised devices (botnets) to manipulate energy market prices.
Unveiling the Multimillion-Dollar Hack-to-Trade Fraud Scheme
First, let’s look at what the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) have been calling a “multimillion-dollar hack-to-trade fraud scheme.” The defendant, a U.K. citizen, targeted companies that were about to release earnings. He then targeted individuals, such as senior finance and accounting staff, that would have material non-private information (MNPI). The hacks were done through unauthorized password resets; once the defendant had access, he would then set up an email forward to his own account, with emails containing MNPI about future earnings. Finally, he then used the information to trade options contracts, netting himself $3.75 million.
How Russian Operatives Infiltrated Wall Street’s Secrets
This recent case is one of many, with an even larger example that went to court in 2023 and netted the fraudsters $90 million. In this case, a group of Russian citizens hacked into the computer networks of two U.S. filing agents used to report corporate filings. By deploying malicious software on the companies’ infrastructure over a three-year period, they were able to gain access to hundreds of earnings reports before they were released to the public. It is noteworthy that the group concealed their trading by spreading it across brokers in the EU, U.S. and Russia. We are seeing this practice more frequently, as criminals attempt to evade detection by spreading it across multiple countries.
The whole case has the characteristics of a Cold War spy movie. The hacking group had links to Russian Intelligence with its leader, Vladislav Klyushin, being arrested as he got off a private jet on the way to ski in Zermatt, Switzerland. Klyushin was later released in August 2024 as part of a U.S.-Russia prisoner exchange, which included Wall Street Journal reporter Evan Gershkovich and Russian Federal Securities Service (FSB) hitman Vadim Krasikov.
Tweets to Trades: The Dark Side of Social Media Market Manipulation
While these two cases are examples of hacking to steal market moving news, the next case involves hacking to create market moving news. In October 2024, the FBI arrested an Alabama man for hacking the SEC’s X, formerly Twitter, account. In January 2024, the SEC’s X account announced that bitcoin ETFs had been approved, causing a surge in bitcoin’s price before the SEC managed to regain control and correct the information. Allegedly, the hack was executed through a SIM swap, in which an individual fraudulently induces a cell phone carrier to reassign a phone number from one SIM card to another. The case is ongoing and there isn’t evidence of his trading activity yet; however, it’s clear that the false tweet moved the market.
In the past few years, we’ve seen many instances of high-profile social media accounts being hacked to promote assets like crypto. Recent examples include rapper 50 Cent, footballer Kylian Mbappe, and even McDonald’s. These tactics aren’t exclusive to crypto, with stock in Eli Lilly tumbling after a fake twitter account announced that insulin would become free. The potential for this type of market manipulation is indisputable.
Brokers Beware
The next scenario is more straightforward, in which an individual’s trading account gets hacked and taken over. Recently, the Hong Kong Securities and Futures Commission (SFC) ordered four brokers to freeze client accounts “linked to suspected account hacking and market manipulation.” Once hackers are in control of the brokerage accounts, they can be drained of their funds or used to perform market manipulation. Another good example of this occurred in a 2022 SEC case, where a group of mainly Canadian citizens managed to hack and take control of 31 U.S. brokerage accounts. They used these accounts to pump up the price of two microcap stocks that they had existing holdings in. These accounts had low risk profiles and were unrelated, but their highly unusual trading activity indicated third-party control.
The Possibilities of Electricity Market Manipulation
For the final example, I’d like to discuss something much more unconventional. In a 2021 paper, a group of researchers investigate whether it’s possible to manipulate electricity markets by controlling a swarm of hacked devices (a botnet). Inspired by research on power grid cyberattacks, they explored Manipulation of Demand via IoT (MaDIoT), which abruptly changes power grid demands by controlling botnets of high wattage devices like air conditioning units. By simulating potential hacks in California and New York grids, they hypothesize that manipulating electricity markets is not only possible but could be done relatively stealthily.
The combination of hacking and financial crime isn’t new. However, the increasing complexity of our markets and advancements in technology have led to greater potential for market disruption and new forms of bad behavior. It’s a space I’ll be watching closely as it’s sure to develop in the coming years.
Capital Markets Regulatory Updates
4 December: President-elect Donald Trump nominated former SEC member Paul Atkins to lead the agency. The former commissioner and current Patomak Global Partners CEO collaborates with the Digital Chamber, focusing on innovative capital markets and digital assets to enhance the U.S. economy.
22 November: The SEC announced it filed 583 total enforcement actions in fiscal year 2024 while obtaining orders for $8.2 billion in financial remedies, the highest amount in SEC history. This included $6.1 billion in disgorgement and prejudgment interest, as well as $2.1 billion in civil penalties. Additionally, the SEC obtained orders barring 124 individuals from serving as officers and directors of public companies in the fiscal year 2024.
21 November: The 33rd Chair of the SEC, Gary Gensler, will resign from his position effective Jan. 20, 2025. During his tenure, which started in April 2021, he focused on enhancing market integrity, overseeing enforcement actions to protect investors, and leading a robust rulemaking agenda to strengthen the U.S. capital markets.
21 November: The International Organization of Securities Commissions (IOSCO) published a consultation report reviewing the potential market conduct and integrity issues associated with pre-hedging and set out a series of proposed recommendations of regulators to consider when addressing the risks posed by pre-hedging.
21 November: The CFTC’s Global Markets Advisory Committee recommended expanding the use of non-cash collateral through distributed ledger technology, aiming to enhance market efficiency and regulatory clarity for digital assets in the derivatives markets. I’d like to congratulate the committee for their work and expanding how people think about digital assets.
19 November: The U.K. Financial Conduct Authority (FCA) published a research note, announcing the revision of its market cleanliness statistic methodology. The new methodology incorporates intraday trading activity and leads to a statistic that is robust in periods of heightened market volatility.
18 November: The European Securities and Markets Authority (ESMA) published its final report recommending a transition to a T+1 settlement cycle in the EU by Oct. 11, 2027, to enhance market efficiency and integration.
18 November: The Swiss Financial Market Supervisory Authority (FINMA) published its 2024 Risk Monitor, highlighting nine significant risks for the financial sector and emphasized increased concerns regarding sanctions and cyberattacks amid geopolitical tensions. The report underscores a shift towards stronger scrutiny of non-financial risks, with a specific focus on cybersecurity vulnerabilities and the impact of sanctions on financial institutions’ operations and reputation.
13 November: FINMA released its strategic goals for 2025-2028. The goals aim to enhance preventive supervision, maintain financial and operational resilience of institutions, shape regulatory framework, and optimize organizational efficiency while emphasizing direct supervision, technological adaptation, and transparent regulation in the financial sector.
29 October: FINRA is conducting a review of its day trading requirements, seeking feedback to assess the effectiveness and efficiency of rules aimed at mitigating risks associated with day trading.
28 October: ESMA published a consultation on amendments to the research provisions in the Markets in Financial Instruments II (MiFID II) Delegated Directive, aiming to permit the bundling of payments for trading execution and research, gradually easing restrictions previously imposed to enhance investor protection.
24 October: The New Zealand Financial Markets Authority (FMA) published its 2024 annual report, highlighting achievements and key milestones, including the introduction of the Conduct of Financial Institutions regime, climate-related disclosures, penalty decisions, and significant returns to customers by banks and insurers due to conduct and culture reviews.
Fines & Enforcement Actions
The founder of collapsed hedge fund Archegos Capital Management was sentenced to 18 years in prison after he was convicted of lying to banks in order to secure billions of dollars in loans used to manipulate the market.
The Financial Conduct Authority (FCA) fined a financial services group £13 million for allowing an employee to record over 400 fictitious trades in its systems to hide trading losses. These trades went undetected due to significant and known weaknesses in MBL’s systems and controls, which the firm failed to address in a timely manner.
The SFC issued restriction notices to four brokers for suspected market manipulation or fraud linked to unauthorized online trades through hacked accounts. The brokers are barred from dealing with specific assets in client accounts up to $91 million without prior consent as investigations continue.
The Securities and Exchange Board of India (SEBI) barred two individuals from the securities market for one year and imposed a fine of approximately $30,000 for insider trading in the shares of Jagsonpal Pharmaceuticals.
The SEC settled charges with three broker dealers for filing deficient suspicious activity reports (SARs) lacking required information and agreed to pay a combined $275,000 in civil penalties.
The SEC charged two affiliates of a major financial institution in five separate enforcement actions for various failures, including misleading disclosures, breach of fiduciary duty, and other regulatory violations. The affiliates agreed to pay over $151 million in combined civil penalties and voluntary payments to investors.
The National Futures Association (NFA) fined X-Change Financial Access LLC (XFA) $400,000 for various violations including inadequate record-keeping and supervision.
The Central Bank of Ireland fined BlueSnap Payment Services Ireland Limited €324,240 for breaching EU regulations related to safeguarding customer funds. BlueSnap violated regulations by failing to deposit customer funds into designated safeguarding accounts, mixing these funds with others, and delaying disclosure to the Central Bank once aware of their non-compliance.
The Canadian Investment Regulatory Organization (CIRO) sanctioned Desjardins Securities Inc. for failing to supervise at least two of its registered representatives, allowing them to engage in improper trading activity. Desjardins agreed to pay a fine of $225,000 and disgorgement of $623,924.73.
A former Deutsche Boerse AG employee was convicted of 14 counts of insider trading, resulting in a suspended sentence and a fine of €163,000. The former employee admitted to trading on information received by Deutsche Boerse’s cash market operation unit before it became public, with his actions initially going unnoticed due to the small size of his transactions until he targeted a company with low trading volume.
The SEC filed insider trading charges against a former supervisor at the Federal Reserve Bank of Richmond, for allegedly using confidential information to trade stocks and options of two banks under his supervision.
SEBI fined four entities approximately $24,000 each for engaging in manipulative trading practices within the illiquid stock options segment of the Bombay Stock Exchange (BSE), with their activities creating artificial trading volumes. A sizable portion of trades executed in the stock options segment were potentially non-genuine, involving rapid buying and selling of the same securities to fabricate increased trading activity.
The SFC commenced proceedings against the former chairman of Ding Yi Feng Holdings Group International Limited, two corporate entities and 28 other suspects for allegedly manipulating Smartac International Holdings Limited (Smartac) shares. The suspects are accused of conducting manipulative trading in Smartac shares to push up the price and turnover, which created a misleading appearance of active trading in and the price of the shares.
Related Content
In its ninth year, the Nasdaq Global Compliance Survey provides a comprehensive snapshot of the financial industry’s current state and its trajectory, offering valuable insights for compliance professionals navigating these changes.
Nasdaq Honored in Regulation Asia Awards for Excellence 2024
Nasdaq is honored to be recognized in the Regulation Asia Awards for Excellence 2024, winning awards for “Best Regulatory Reporting Solution” and “Best Capital / Liquidity Management Solution.”
TECH TUESDAY: Wrapping up SIBOS 2024
Discover the key themes and takeaways from SIBOS 2024. This year highlighted the importance of collaboration for digital transformation, aiming to create a resilient and inclusive financial ecosystem based on a unified foundational system.