On January 20, Crypto.com issued an official statement to share details of its losses during a recent breach of its security network.
Nearly $34m Worth Of Digital Assets Were Stolen – Crypto.Com
Part of the statement revealed that hackers stole “444.94 BTC, 4,836.27 ETH and about $66.3K worth of other digital assets” from its platform. The current market data shows that the exchange can be estimated to have lost nearly $34m worth of users’ funds.
Why the company issued a press release today even though the security breach happened three days ago is not understandable. Users started complaining about irregular balances on January 17 to the firm’s official Twitter handle. However, the exchange responded vaguely to their complaints.
Crypto.Com Official Statement. Source: Twitter.
Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z
— Crypto.com (@cryptocom) January 20, 2022
Part of the press release also stated that the company’s risk monitoring systems identified suspicious activities on various user accounts without the 2FA. Hence, the exchange’s response was to stop withdrawals, disable the 2FA feature, and reset its security measures. Thus, each user had to log in again and re-activate their 2FA before performing any action on their account.
However, users were worried as the site’s systems were down for more than 13 hours. More so, the company didn’t issue any statements during this period. The firm’s CEO even fueled the fear saying, “all users’ funds are still intact.” Even after admitting that a hack truly happened while speaking with a Bloomberg TV correspondent, the exchange CEO maintained that “user’s funds weren’t at risk at all.”
He also revealed that the hack affected over 395 user accounts. Strangely, the exchange’s CEO stated that the number of affected accounts was almost insignificant compared to its user base.
Preventing Future Recurrence
Crypto.com further revealed that it had added a new security feature to its security system. This new feature would prevent any user from making a withdrawal to a new listed address unless they have been registered for at least 24 hours. The statement further read that “each user will be notified when an additional withdrawal address has been added. Hence, they’d have enough time to respond adequately.”
Crypto.com boss, Kris Marszalek, told journalists that the financial watchdogs have not called on them. He also said, “we have learned our lessons, and we continue to bolster our security system.”
Various crypto security firms have made their assertions regarding the Crypto.com incident. Also, the firm has launched a global account protection program (WAPP) which enables fast user account protection against unauthorized access or withdrawals.
Claims From Various Crypto Security Firms
One of them (Peckshield) claims that Crypto.com must have lost at least $16m worth of eth during the incident. It further stated that nearly 60% of the stolen funds must have been converted to tornado cash to turn it to clean money. Another firm (OXT Research) opined that the exchange must have lost at least $34m to the security breach incident.
ErgoBTC (another crypto-security firm) stated that the hackers stole 444 BTC, a figure that tallied with what the exchange revealed today.