The CEO of the platform assured that the affected users were reimbursed and that the loss is not “particularly important” given the “scale of the business”.
Crypto.com, the tercer exchange largest cryptocurrency by trading volume, finally admitted to having suffered a hacking attack that caused losses of more than USD $30 million to its users.
The Singapore-based exchange confirmed the security breach in a report published this Thursday in which they revealed that more than 400 users were affected. The figure stolen by cyber attackers also exceeded initial estimates.
Crypto.com said $15.1 million was lost in Ethereum, USD $18.6 million in Bitcoin and a few thousand dollars in other cryptocurrencies totaling 33.8 million at current prices.
The incident affected 483 Crypto.com users. Unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in other currencies.
What happened to Crypto.com?
The report comes a few days after the platform paused its withdrawals on Monday due to reports from customers who claimed to have detected “suspicious activity” in their accounts. At that moment, Crypto.com indicated that “a small number of users” had experienced “unauthorized activity” in their accounts, however they ensured that all funds were safe.
The platform also said that it was strengthening its security measures. All two-factor authentication (2FA) protocols were reset, and all users were required to repeat the security verification step.
The interruption of withdrawals on the exchange was accompanied by several claims from users on social networks who claimed to have lost funds. However, the exchange reiterated on Twitter that no losses had been caused.
Later, an analysis of the research firm Blockchain, PeckShield, revealed that hackers had mined at least 4,830 ETH from Crypto.com during the incident. Investigators did not provide details on how the hack was carried out, but said the hackers were sending the stolen funds to the mixer. Tornado Cash to obfuscate the trail of coins.
PeckShield also said to Decrypt who estimated that the damage could be “definitely worse“. That analysis was followed by another external report that highlighted that in addition to $15 million in ETH, on-chain data showed that more than 400 bitcoins had been diverted from a wallet of Crypto.com.
Despite the evidence, the exchange had initially denied the hack. Also its CEO, Kris Marszalek, had stated on Twitter that “no customer funds were lost“.
All affected accounts were refunded
Prior to the release of the security autopsy, Marszalek had an appearance on Bloomberg TV on Wednesday night where he stated that more than 400 accounts of the exchange had been hacked after a security breach.
The CEO confirmed during the show that the attackers made unauthorized withdrawals to the affected accounts, but that the company had acted quickly to stop the theft after detecting that “some of the layers of defense were breached“. He added that on the same dayall accounts that were affected were refunded, so there was no loss of customer funds”.
Likewise, when asked about the real scope of the losses for the company, Marszalek assured that “given the scale of the business, these numbers are not particularly important“.
JUST IN: CEO @cryptocom’s Kris Marszalek discusses the site’s recent hack with @BloombergTV’s @emilychangtv. “Customer funds were never at risk.” #TheYearAhead pic.twitter.com/YlCtGO60t5
— Bloomberg Live (@BloombergLive) January 19, 2022
The final autopsy revealed that the security incident occurred due to problems with 2FA. In response to what happened, the exchange announced that it is launching a Worldwide Account Protection Program (WAPP), designed to protect users in the event of unauthorized withdrawals.
According to the exchange, WAPP will include layers of security to protect against phishing attacks, as well as a multi-factor authentication (MFA) system to replace the existing 2FA protocol. It also enables the restoration of funds for up to USD $250,000 for users who have updated the security measures of the exchange.
Article versioned by Hannah Estefanía Pérez / DailyBitcoin
WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.