483 Accounts Affected by Hack Incident
According to an update released on Thursday (January 20, 2022), Crypto.com revealed that a breach of the platform led to the loss of 4836.26 ETH, 443.93 BTC, and about $66,200 worth of other crypto assets. The lost assets are valued at a total of $33.9 million at the time of writing.
On Monday, January 17, 2022, Crypto.com announced that it would pause withdrawals and carry out an investigation, following complaints of “suspicious activity” from a small number of customers. Accounts with two-factor authentication (2FA) were compromised.
According to the exchange’s report, “transactions were being approved without the 2FA authentication control being inputted by the user.” Meanwhile, blockchain security firm PeckShield said that $15 million worth of Ether was stolen, with the alleged hackers laundering the funds using coin mixer Tornado Cash.
On January 18, Crypto.com CEO Kris Marszalek maintained that customers’ funds were safe, without giving more information on the incident. However, a tweet from ErgoBTC, an analyst at OXT Research, reported that an additional 444 BTC ($18.6 million) was stolen from the platform, bringing the total value to over $33 million.
During an interview on Bloomberg TV on January 19, the Crypto.com CEO acknowledged the hacking incident, stating that about 400 accounts were affected. The recent blog post, meanwhile, revealed that 483 accounts were compromised.
Marszalek also said that withdrawals were paused for 13-14 hours, while the company reimbursed the affected users. Furthermore, the CEO noted that the loss was not material, considering the size of the company.
However, Marszalek said:
“It’s a great lesson, and we are continuously strengthening our infrastructure.”
Crypto.com to Introduce New Program to Boost Security
Following the incident, Crypto.com is taking extra safety measures to prevent a repeat in the future. According to the update, the crypto exchange is planning to replace 2FA with multi-factor authentication (MFA).
Also, Crypto.com will introduce the Worldwide Account Protection Program (WAPP), which provides an additional layer of protection and security for users’ funds. To be eligible for the WAPP program, users would have to fulfil some requirements.
Users of the exchange will need to enable MFA on all transactions, fill out a questionnaire for forensic investigation purposes, and “set up an anti-phishing code at least 21 days prior to the reported unauthorized transaction.”
Also, customers would file a police report in case of stolen funds, and present said report to the company. In addition, users should not be using “jailbroken devices.” The WAPP will be unveiled on February 1, 2022, in select markets.
An excerpt from the blog post reads:
“While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”