Crypto.com exchange loses $34 million in BTC and ETH to hackers

Polycount

Posts: 3,005   +589
Staff member
In context: A couple of days ago, we reported that cryptocurrency trading platform Crypto.com had been hacked, with analysts predicting that roughly $14 million worth of Ethereum tokens were lost in the process. Company CEO Kris Marszalek later downplayed the incident, saying that "no customer funds were lost." After his team conducted an internal investigation, however, it seems that statement was not quite true.

Crypto.com has published a full security report on its website detailing exactly how much currency was lost as part of the hack. The company also briefly discussed how and when it first detected the hack and listed the steps it has taken and will be taking to better protect its users in the future.

For starters, not only were customer funds most certainly lost despite the CEO's claim to the contrary, but that loss was significantly greater than the $14 million initially predicted by data analytics firm PeckShield. According to the exchange, 483 Crypto.com users were affected by the hack, with 4,836.26 ETH ($15.3 million), 443.93 BTC ($18.8 million), and around $66,200 USD being lost in total. If you don't feel like doing the math, that adds up to a loss of about $34.1 million.

To be clear, Crypto.com hasn't simply cut its losses and run here. All affected customers have already been reimbursed; a fact Marszalek has used to justify his initial claim that "no customer funds were lost."

So, how did this happen in the first place? Crypto.com says the breach was detected three days ago on January 17 by its "risk monitoring systems." The systems noticed that transactions were taking place across a "small number" of user accounts without said users inputting their 2FA codes. Withdrawals were immediately suspended while Crypto.com investigated, and all 2FA tokens were revoked.

To bolster its security, Crypto.com says it has already switched to a new 2FA infrastructure and added a mandatory 24-hour delay period between the time a user registers a new "whitelisted withdrawal address" and makes their first withdrawal to said address. Other measures have also been implemented, but the company is (understandably) not elaborating on what those are.

Crypto.com is well aware that customers might be a bit concerned about doing business on its platform after this incident, so it has created the new "Worldwide Account Protection Program" in response. This program will restore funds lost through future third-party hacks "up to" $250,000 for qualified users.

It remains to be seen whether or not these measures will be enough to restore customer faith in Crypto.com as a platform, but we'll let you know if the situation develops any further.

Permalink to story.

 

Achaios

Posts: 356   +969
Boy, they got pwned really hard.

The OP must appear next to the entry for "Pwned" in dictionaries.
 

NightAntilli

Posts: 897   +1,174
Crypto.com is one of the best companies in crypto. Hacks are bound to happen, unfortunately. Thankfully, it was detected quickly. It could have ended very badly.

I have a good experience with them, and their VISA cards are awesome.
 

Athlonite

Posts: 305   +106
Perhaps they should be asking N.Korea where their BTC is as it seem they're quite adept at ripping it off
 

RaXoR

Posts: 233   +171
Wonder if the hackers dumping all of this crypto is contributing to the current crash aside from the stock market also influencing.