Crypto.com became one of the recent platforms to face an attack from hackers, leaving a number of users with huge losses. Several users called out the exchange to complain about their account’s fraudulent activities. However, it took a few hours for the platform to respond to the calls.
Furthermore, a blockchain security firm, Peckshield, issued an alert tweet, stating that the figures were as high as $15 million. Later in the day, Crypto.com CEO Kris Marszalek said that there were no missing customer funds. He further explained that an investigation was underway to ascertain the level of the damage.
Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z
— Crypto.com (@cryptocom) January 20, 2022
Result of the Findings
In a blog post it shared, Crypto.com confirmed a hack on 483 of its users. This resulted in $35 million in illicit Bitcoin and Ether withdrawals. To begin an investigation, Crypto.com said it immediately suspended all token withdrawals. It worked nonstop to resolve the problem. According to the popular Singapore-based exchange, no customer funds went missing.
Additionally, the exchange said it blocked the majority of fraudulent withdrawals. Clients were completely compensated in all other situations. Furthermore, unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC, and $66,200 in other cryptocurrencies.
Crypto.com’s risk monitoring systems discovered illegal activity on a small number of user accounts on Monday, January 17th, 2022, at around 12:46 AM UTC. It observed transactions approved without the user entering the 2FA authentication control. According to the exchange, this elicited a fast reaction from several teams to assess the situation. For the duration of the investigation, it halted all withdrawals on the site. In addition, Crypto.com recovered accounts that looked compromised.
Furthermore, it revoked all customer 2FA tokens. The exchange also implemented additional security tightening mechanisms. This mechanism required all customers to re-login and set up their 2FA token. This move guaranteed that only permitted transactions occurred. The platform resumed withdrawals after a 14-hour outage of the withdrawal infrastructure.
How Was It Corrected?
Internally, Crypto.com carried out a full audit of the entire infrastructure and announced modifications to further harden the security posture. Crypto.com said it conducted internal and external vulnerability scans. However, the company enlisted the help of third-party security organizations to do enhanced security assessments on its site.
The platform also hinted a shift from 2-factor authentication toward genuine multi-factor authentication (MFA). Furthermore, Crypto.com will release more end-user security features, further protecting its global user base.
Amongst its many security changes, Crypto.com also included a feature that ensures that when it spots a new address as a beneficiary on an account, the user will receive a message. Furthermore, such users will have 24 hours to revoke any payments they didn’t approve.
Other Enhancement Features
Furthermore, the platform announced the Worldwide Account Protection Program (WAPP) as a way forward. It promised to refund cash up to $250,000 to users who meet the criteria. To be eligible, users must use multi-factor authentication and have a police report that Crypto.com can see.
Kris Marszalek, co-founder and CEO of Crypto.com, hinted on the importance of this new feature. He said, “While we are reminded of the existence of bad actors intent on committing fraud, this new worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”
However, there is still no justification for how the incident happened in the first place. Crypto.com ranks as one of the largest exchange platforms. The breach is the latest in a series of cyberattacks aimed at crypto exchanges. Reports showed that about 20 exchanges suffered attacks in 2021. Losses suffered sometimes peaked at $100 million.
Join us on Telegram to receive free trading signals.
For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.