In Brief:
- Crypto.com lost about $34M in a hack that compromised 483 accounts.
- Unauthorized withdrawals include 4,836.26 Ethereum, 443.93 Bitcoin, and about $66,200 in other cryptocurrencies.
- The firm is launching the Worldwide Account Protection Program designed to protect user funds from hack attacks.
Crypto.com has confirmed that about $34 million was lost earlier this week after hackers breached the firm’s security.
The platform published a blog post stating that 483 user accounts were affected by the hack, resulting in unauthorized withdrawals totaling 4,836.26 Ethereum, 443.93 Bitcoin, and approximately $66,200 in other cryptocurrencies. This totals about $33.84M at current prices.
Crypto.com halted withdrawals and began an investigation a few days ago after users reported suspicious activity, saying their crypto was missing from their wallets. The platform reassured users that no funds had been lost, but PeckShield reported that the platform lost about $15M worth of crypto assets.
CEO Kris Marszalek later stated in a Bloomberg interview that the firm still hasn’t received any outreach from regulators following the hack event.
Marszalek did not provide details as to how the hack occurred. He added that the platform was back online about 13-14 hours after the hack event and all the affected accounts were reimbursed.
Crypto.com reported that the security of the platform was breached due to some issues with 2FA.
The firm also stated that it revamped and migrated to an entirely new 2FA infrastructure after analyzing the whole incident.
To make sure that the new infrastructure was in place, 2FA tokens were revoked for all users across the world.
Crypto.com added a further layer of security by implementing a 24-hour delay between the registration of a new whitelisted withdrawal address and the first withdrawal to that address.
Users will be notified when withdrawal addresses are added, giving them enough time to react and respond.
They also announced the launch of the Worldwide Account Protection Program (WAPP), developed to protect user funds in cases where a third party gains unauthorized access to their account and withdraws funds without the user’s permission.
WAPP allows for the restoration of funds up to $250,000. It is subject to a number of conditions, including the requirement to enable multi-factor authentication.
It also requires the user to set up an anti-phishing code at least 21 days prior to the reported unauthorized transaction.
WAPP will be available in selected markets beginning February 1, 2022.
Kris Marszalek noted, “The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defence-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”