Crypto.com confirms hundreds of accounts were hacked

Following a hack of its hot wallet earlier this week, Crypto.com announced 483 accounts were compromised.

The Singapore-based crypto exchange put out an official statement sharing its findings and declaring the establishment of the ‘Worldwide Account Protection Program’.

In the report, Crypto.com confirmed “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” had been taken from users’ accounts with a total of $33.8m estimated to have been stolen.

Crypto.com did say that “in the majority of cases we prevented the unauthorised withdrawal, and in all other cases customers were fully reimbursed”. However, some users of the exchange complained on Twitter that they had yet to gain access to their funds.

It was PeckShield, a blockchain security company, that shared the initial losses resulting from the hack and declared the 4.6 ETH stolen ($14.6m), at the time of writing, was laundered through TornadoCash, an ETH-based coin mixer.

New security measures

The attackers were found to have bypassed the 2FA (two-factor authentication) security measures on the exchange, which has now migrated to a new 2FA infrastructure.

It also introduced an “additional layer of security on January 18 2022 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal”.

Kris Marszalek, CEO of Crypto.com, said the exchange had not heard back from regulators in regards to the hack, in an interview with Bloomberg.

“Obviously, it’s a great lesson, and we are continuously strengthening our infrastructure,” he said.