Cryptocurrency continues to be a potential source of massive revenue for more than just investors. Hackers have repeatedly targeted virtual exchanges in recent years, and this week’s heist has taken place at Crypto.com.
In a statement, the company has confirmed “a small number of users had unauthorized crypto withdrawals on their accounts.” 483 users are said to have been affected, but the financial impact proved much larger, with the hackers getting away with 4,836.26 ETH, 443.93 BTC and approximately $66,200 in other currencies. Going by today’s rates, that’s a total of just over £25 million.
Crypto.com claims to offer “the world’s fastest growing crypto app” and has understandably been eager to reassure users. We’re informed “no customers experienced a loss of funds,” with the company confirming that unauthorised withdrawals were circumvented in most cases. Those customers who did fall foul of the hack are said have been “fully reimbursed.”
Detailing the crime, Crypto.com issued the following account of how the theft transpired:
On Monday, 17 January 2022 at approximately 12:46 AM UTC Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user. This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation. Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours, and withdrawals were resumed at 5:46 PM UTC, 18 January 2022.
Crypto.com Security Report – 20 Jan 2022
In an attempt to mitigate such problems, Crypto.com has since rolled out support for multi-factor authentication via the Worldwide Account Protection Program (WAPP). CEO Kris Marszalek insists “the safety of our customers’ funds is our highest priority” and claims ” this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”
Keeping a step ahead of hackers is proving to be a challenge for a number of exchanges, and Crypto.com is the latest in a long line of high-profile, high-value thefts. In 2017 more than US$60 million worth of cryptocurrency was stolen from NiceHash, and Binance suffered a similar fate in 2019, losing US$40 million.