Header Ads Widget


Crypto.com revealed details of a recent hack. About $34 million was withdrawn from the platform.

Crypto.com revealed details of a recent hack. About $34 million was withdrawn from the platform.

The attack on Crypto.com's infrastructure compromised the accounts of about 400 users. The cryptocurrency platform covered its customers' losses, so their funds were not affected, CEO Chris Marszalek said.

On wider crypto adoption and the number of global crypto users rising to 1 billion in 2022, "I think one of the key things to look at here is the expansion of use cases." CEO @cryptocom's Kris Marszalek tells @BloombergTV's @emilychangtv #TheYearAhead pic.twitter.com/ewK9MvEdHD - Bloomberg Live (@BloombergLive) January 19, 2022

"We stopped it very quickly, froze the withdrawals, fixed it and got it back online in about 13 to 14 hours. All of the accounts that were affected were refunded the same day. So there was no loss of customer funds," Marszalek said.

On January 17, after customers reported suspicious activity on their accounts, Crypto.com suspended withdrawals. The company assured that user assets were safe, but PeckShield analysts estimated more than $15 million in damage from the hackers' actions.

An OXT Research specialist under the pseudonym ErgoBTC noted that the value of stolen assets was significantly higher. He noticed that the hackers took out from the platform not only 4836 ETH, but also 444 BTC (~$18.63 mln as of the time of writing). That way the total loss could be more than $33 million.

Adding another 444 BTC to the previously reported 4.6k ETH from yesterday's @cryptocom hack. Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH's Tornado Cash and a well known BTC tumbler (as detailed below). pic.twitter.com/GalJKM6bi9 - ∴Ergo∴ (@ErgoBTC) January 18, 2022

ErgoBTC also stressed that the attackers sent all the BTC to a bitcoin mixer address used by hackers Lazarus Group and Darkside in the past.

Speaking to Bloomberg, Marszalek didn't name the exact amount of money stolen, but stressed that on the scale of Crypto.com's business, the losses are "not particularly significant." According to him, the company is still investigating the incident and will publish a report in the next few days.

January 20, 2022 | 10:18 AM Update: Crypto.com has released an incident report. The attack affected 483 users' accounts. Hackers withdrew 4,836.26 ETH, 443.93 BTC and about $66,200 "in other currencies" from the platform. At the rate at the time of writing, the damage amounted to ~$33.93 million.

Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we've made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z & ; Crypto.com (@cryptocom) January 20, 2022

The company stressed that "in most cases" its specialists were able to prevent the withdrawal of customer funds. All affected users received a full refund.

The platform conducted a security audit, implemented a new two-factor authorization model, and introduced a customer account protection program. Under the latter, the insurance coverage of assets of "qualified users" is up to $250,000.

As a reminder, in September 2021 Crypto.com expanded its user funds insurance program to $750 million. The coverage guarantees compensation for direct and indirect losses of assets in Ledger Vault, the company's custodial partner.

Post a Comment