Users of the exchange also found that they were missing cryptocurrencies from their balances and, in some cases, their entire digital wallet had been picked clean.
The exchange subsequently took to Twitter to confirm an investigation was underway.
We have a small number of users reporting suspicious activity on their accounts.
We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.
The likes of Ben Baller, a crypto enthusiast, reported a loss of 4.25 ETH at the time of the hack but confirmed on Twitter that the exchange had restored his missing funds.
PeckShield, a blockchain security company, dug deeper and published a report stating 4,600 ETH worth $14.6m had reportedly been siphoned off the platform and laundered through TornadoCash, an ETH-based coin mixer.
— PeckShield Inc. (@peckshield) January 18, 2022
How it happened
The attackers reportedly found a way to bypass the 2FA (two-factor authentication) security measures on the exchange.
Crypto.com then took to Twitter to alert its users to sign back into the app and exchange accounts and to then reset their 2FA information.
The company then stated once the update had been rolled out to all users, withdrawals will be re-enabled.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.