Crypto.com finally speaks out: 483 user accounts compromised

Published at: Jan. 20, 2022

The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts.

In a statement today, Crypto.com revealed that "4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. The overall loss is presently valued at around $33.8 million, as per the current market value.

Following a security breach, several Crypto.com users have made complaints that their money had been stolen. However, the company's previous responses had failed to quell concerns.

Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z

— Crypto.com (@cryptocom) January 20, 2022

On Jan. 17, 2022, at around 12:46 AM UTC, Crypto.com's risk monitoring systems detected "unauthorized activity on a small number of user accounts" where transactions were being authorized without the 2FA authentication control being entered by the user, according to the official document.

The exchange proceeded by halting withdrawals and revoking all customer 2FA tokens, adding even more security hardening measures that required everyone to re-login and reactivate their 2FA token before allowing only authorized action, as detailed in the statement. The withdrawal infrastructure was down for a total of 14 hours.

To safeguard against such an accident happening again, Crypto.com claims that they have implemented an additional layer of protection in which a new whitelisted withdrawal address must be registered within 24 hours before the first withdrawal.

"Users will receive notifications that withdrawal addresses have been added, to give them adequate time to react and respond," the statement reads.

On Wednesday, Kris Marszalek, the CEO of Crypto.com, told Bloomberg that the exchange has not received any communication from regulators about the event. He went on to say that;

"Obviously, it's a great lesson, and we are continuously strengthening our infrastructure."

Related: Secret Network offers $400M in funding to bring others in on the secret

According to PeckShield, over $15 million worth of ETH has been stolen. On Monday, the blockchain security firm tweeted that roughly half of the funds had been sent to Tornado Cash "to be washed." Another analyst from blockchain data firm OXT Research stated that the heist may have cost the exchange $33 million in stolen assets.

Tags
Bitcoin
Ethereum
Altcoin
Cryptocurrency Exchange
Hacks
Hackers
Related Posts
Previously Hacked Gatecoin Exchange Receives Liquidation Order Following Banking Problems
Gatecoin, a crypto exchange that was hacked in May 2016, has announced on March 13 that it has received a winding up (compulsory liquidation) order from an unspecified court. The company wrote that Gatecoin will have to cease operation with immediate effect, noting that the exchange will assist in the liquidation process in order to distribute assets to the creditors. The Hong Kong-based exchange had suffered a major hack back in May 2016, with around $2 million in cryptocurrencies lost after the firm reported a security breach that gave hackers access to Gatecoin’s hot wallets. According to the team’s statement …
Bitcoin / March 14, 2019
“PlugWalkJoe” indicted for $784k cryptocurrency theft scheme
Joseph O’Connor, known in some corners of the internet as PlugWalkJoe, was indicted on an array of charges relating to a May 2019 cryptocurrency exchange hack. During the attack, he is alleged to have absconded with digital assets valued at approximately $784,000. In the criminal scheme, authorities believe O'Connor utilized SIM swap attacks (an artifice of fraud where 2FA phone calls and text messages are rerouted to a device controlled by the scammer) on three separate executives at an undisclosed cryptocurrency company to take control of their employers systems. O’Connor may have then diverted over 7 BTC, 407 ETH, 6363 …
Blockchain / Nov. 4, 2021
PennyWise crypto-stealing malware spreads through YouTube
A new strain of crypto-malware is being spread via YouTube, tricking users to download software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions. Cyber intelligence company Cyble in a June 30 blog post said it had been tracking the malware known as PennyWise — likely named after the monster in Stephen King’s horror novel It — since it was first identified in May. “Our investigation indicates that the stealer is an emerging threat,” wrote Cyble in a blog post on June 30: “In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications …
Bitcoin / July 6, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Here's how to quickly spot a deepfake crypto scam — cybersecurity execs
Crypto investors have been urged to keep their eyes peeled for "deepfake" crypto scams to come, with the digital-doppelganger technology continuing to advance, making it harder for viewers to separate fact from fiction. David Schwed, the COO of blockchain security firm Halborn told Cointelegraph that the crypto industry is more “susceptible” to deepfakes than ever because “time is of the essence in making decisions” which results in less time to verify the veracity of a video. Deepfakes use deep learning artificial intelligence (AI) to create highly realistic digital content by manipulating and altering original media, such as swapping faces in …
Blockchain / Jan. 13, 2023