Crypto.Com Confirmed The Exchange Lost $34M To Hackers

Crypto.com confirmed the exchange lost $34 million to hackers in the recent security incident according to the post mortem released so let’s read further in our cryptocurrency news.

Crypto.com is the fourth biggest crypto exchange and it finally admitted that it lost funds worth $34,000 due to a recent security breach. According to the blog post, the incident affected a total of 483 users which resulted in unauthorized withdrawals of 4,836.26 ETH, 443.93 BTC, and $66,2000 worth in another crypto. Crypto.com confirmed that it paused withdrawals after a small number of users had trouble with unauthorized activity in their accounts, urging the customers to reset their two-factor authentication. The security company Peckshield revealed that the incident resulted in the exchange losing about $30 million worth of funds.

We just published full incident report which a sums up what happened and how we addressed it. All 483 affected accounts were fully reimbursed, ie. no customer loss of funds.

We’re also launching US$250,000 Worldwide Account Protection Program covering funds held with us. https://t.co/8SHGaaoaCn

— Kris | Crypto.com (@Kris_HK) January 20, 2022

According to Peckshield, half of the stolen funds were sent to Tornado Cash which is a crypto mixing service that enables users to obfuscate transactions. Blockchain analyst ErgoBTC said the hackers managed to make away with 444 BTC. Despite the evidence, Crypto.com refused to acknowledge the hack intiially with the company’s CEO Kris Marszalek claiming that there were no customer funds lost.

He later confirmed that around 400 customer accounts have been compromised. According to him, the exchange paused withdrawals after detecting that some of the defense lawyers were breached but they immediately fixed the issue and they are back online. He added that the same day, all of the accounts that were affected were reimbursed so there was no loss of customer funds. When pressed with the question about the extent of the losses suffered by the exchange, Marszalek said that with the scale of the business, these numbers are not particularly material. The company’s post-mortem confirmed that the security incident occurred due to issues with two-factor authentication.

JUST IN: CEO @cryptocom’s Kris Marszalek discusses the site's recent hack with @BloombergTV’s @emilychangtv. "Customer funds were never at risk." #TheYearAhead pic.twitter.com/YlCtGO60t5

— Bloomberg Live (@BloombergLive) January 19, 2022

Crypto.com revamped and migrated to a new 2FA infrastructure with 2FA tokens for the users being revoked to ensure the new infrastructure was in effect. The exchange introduced another layer of security to add a mandatory 24-hour delay between registration of the new withdrawal address and the first withdrawal of funds. According to the company, this will give users enough time to react and respond to notifications that new withdrawal addresses have been added.

Adding another 444 BTC to the previously reported 4.6k ETH from yesterday's @cryptocom hack.

Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH's Tornado Cash and a well known BTC tumbler (as detailed below). pic.twitter.com/GalJKM6bi9

— ∴Ergo∴ (@ErgoBTC) January 18, 2022

Crypto.com announced the launch of the Worldwide Account protection program which is designed to protect the user’s funds in cases where a third party gains unauthorized access to the account and withdraws funds without permission from the users. WAPP opens up another possibility to restore the funds up to $250,000 but it comes with a few conditions to qualify including the requirement to enable multi-factor authentication and to set up anti-phishing codes, 21 days before the reported unauthorized transactions. The users will have to file a police report and complete a questionnaire to support the investigation.