Crypto.com hack – significantly more money stolen than expected
2 min readIn a current blog post Crypto.com comments on the hacker attack that temporarily paralyzed the US trading platform a few days ago. According to their own statements, the wallets of 483 Crypto.com users were attacked. This would have resulted in unauthorized withdrawals of 4,836.26 ETH, 443.93 BTC and $66,000 in other cryptocurrencies. The total amount of damage now amounts to around 33 million US dollars and is about twice as high as previously assumed. So far, the CRO course has largely shown itself
In this release, the company assures that they “prevented unauthorized withdrawals in most cases, and in all other cases customers have been fully refunded.”
On January 17, at around 1:46 am German time, an attack on the Crypto.com system was detected. The attackers are said to have succeeded in bypassing two-factor authentication. Crypto.com’s IT department observed transactions being approved without being cleared through 2FA control by the respective users. As BTC-ECHO reported, complaints from victims via Twitter increased at the same time.
According to Crypto.com, the payment of all tokens was immediately suspended. Overall, the attack caused the payout infrastructure to fail for a total of 14 hours. The platform has been live again since January 18, 2022 at 5:46 p.m. In an interview with Bloomberg the next day, Crypto.com CEO Kris Marszalek said that “customers’ accounts were never at risk.”
And now?
In the longer term, according to Crypto.com, the company would like to introduce multi-factor authentication (MFA). On the way there you want to adapt the system to different security precautions. The company has already completed the first update. There is now a 24-hour delay between registering a new payout address on the platform’s white list and the first payout. In addition, users should receive notifications about the addition of payout addresses in the future. These would also include “useful reminders and instructions on how to get in touch [dem Crypto.com] Team if address whitelisting was unauthorized” included.
The WAPP (Worldwode Account Protection Program) is then to be introduced. This is a type of insurance designed to “restore funds up to $250,000 for qualified users.”
Crypto.com is known for its conspicuously aggressive marketing strategy. In the past, they acquired the advertising rights to the famous Staples Center in Los Angeles, currently sponsor Formula 1 and the Italian soccer league Serie A and advertise with actors such as Matt Damon.
It remains to be seen whether the hacker attack will have a negative effect on the image of the trading platform – Crypto.com is now focusing on (re)building the trust of the community with the appropriate measures.
EU Regulator Calls for Ban on Proof-of-Work Mining Used by BTC
