Following a hack of its hot wallet earlier this week, Crypto.com announced 483 accounts were compromised.
The Singapore-based crypto exchange put out an official statement sharing its findings and declaring the establishment of the ‘Worldwide Account Protection Program’.
Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z
— Crypto.com (@cryptocom) January 20, 2022
In the report, Crypto.com confirmed “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” had been taken from users’ accounts with a total of $33.8m estimated to have been stolen.
Crypto.com did say that “in the majority of cases we prevented the unauthorised withdrawal, and in all other cases customers were fully reimbursed”. However, some users of the exchange complained on Twitter that they had yet to gain access to their funds.
@Kris_HK I have reported to your staff multiple times that I STILL do not have access to my funds. I have followed all steps and am not receiving a response. Is this what we get for using your exchange? Perhaps I should move my funds to @coinbase or @binance? Please make contact.
— RomZ (@itz_romzy) January 20, 2022
It was PeckShield, a blockchain security company, that shared the initial losses resulting from the hack and declared the 4.6 ETH stolen ($14.6m), at the time of writing, was laundered through TornadoCash, an ETH-based coin mixer.
New security measures
The attackers were found to have bypassed the 2FA (two-factor authentication) security measures on the exchange, which has now migrated to a new 2FA infrastructure.
It also introduced an “additional layer of security on January 18 2022 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal”.
Kris Marszalek, CEO of Crypto.com, said the exchange had not heard back from regulators in regards to the hack, in an interview with Bloomberg.
“Obviously, it’s a great lesson, and we are continuously strengthening our infrastructure,” he said.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.