Crypto.com reveals details of recent hack; around $34 million withdrawn from the platform
During the attack on Crypto.com’s infrastructure, around 400 user accounts were compromised. The cryptocurrency platform reimbursed the losses to customers, so their funds were not affected, said Kris Marszalek.
On wider crypto adoption and the number of global crypto users rising to 1 billion in 2022, «I think one of the key things to look at here is the expansion of use cases.» CEO @cryptocom’s Kris Marszalek tells @BloombergTV’s @emilychangtv #TheYearAhead pic.twitter.com/ewK9MvEdHD
— Bloomberg Live (@BloombergLive) January 19, 2022
«We moved quickly to stop it, froze withdrawals, fixed it and were back online roughly 13-14 hours later. On the same day, all affected accounts were reimbursed. Therefore there were no losses of client funds,» said Marszalek.
On January 17, after customers reported suspicious activity on their accounts, Crypto.com suspended withdrawals. The company assured that user assets were safe, but PeckShield analysts estimated the damage from the hackers’ actions at more than $15 million.
OXT Research specialist ErgoBTC noted that the value of stolen assets was significantly higher. He pointed out that the hackers withdrew not only 4,836 ETH, but also 444 BTC (~$18.63 million at the time of writing). Thus total losses could exceed $33 million.
Adding another 444 BTC to the previously reported 4.6k ETH from yesterday’s @cryptocom hack.
Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH’s Tornado Cash and a well known BTC tumbler (as detailed below). pic.twitter.com/GalJKM6bi9
— ∴Ergo∴ (@ErgoBTC) January 18, 2022
ErgoBTC also noted that the attackers sent all BTC to a bitcoin mixer address, which in the past was used by hacker Lazarus Group and Darkside.
In a Bloomberg interview, Marszalek did not name the exact amount stolen, but stressed that losses were “not particularly substantial” in the scale of the business. He said the company is still conducting an investigation and will publish a corresponding report in the coming days.
Crypto.com published an incident report. The attack affected 483 user accounts. Hackers withdrew 4,836.26 ETH, 443.93 BTC and about $66,200 “in other currencies”. At the time of writing, the damage amounted to ~$33.93 million.
Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z
— Crypto.com (@cryptocom) January 20, 2022
The company stressed that, in most cases, its specialists were able to prevent the withdrawal of client funds. All affected users received full reimbursement.
The platform conducted a security audit, implemented a new two-factor authentication model, and introduced a customer account protection program. Under the latter, insurance coverage for the assets of “qualified users” is up to $250 000.
Earlier in September 2021, Crypto.com expanded the scope of the user funds insurance program to $750 million. The coverage guarantees reimbursement of direct and indirect losses of assets held in Ledger Vault — the company’s custodian partner.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!