Crypto.com Admits $35 Million Hack

Crypto.com, one of the biggest and best-known cryptocurrency exchanges in the world and now backed by superstar actor Matt Damon, has admitted that 483 of its users were hit in a hack earlier this month, leading to unauthorized withdrawals of bitcoin and Ether worth $35 million. The company had initially said $15 million was taken in the heist.

“On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts,” Crypto.com wrote in a post on Thursday. “Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to address the issue. No customers experienced a loss of funds. In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed.”

The company said that on Monday it saw that, for a handful of accounts, transactions were being approved without the user entering the second factor of authentication (the additional one-time code, beyond the password, that allows access to an account). While it investigated, all withdrawals across Crypto.com were put on hold for 14 hours. It then required all customers to log in again and go through a new two-factor authentication process.

As an additional measure, Crypto.com introduced a feature under which, when a new address is added as a payee on an account, the user is notified and has 24 hours to cancel any payment they didn’t authorize.

Finally, it has announced the Worldwide Account Protection Program (WAPP), promising to restore funds up to $250,000 for users who qualify. To qualify, users have to be using multi-factor authentication and have filed a police report that they can show Crypto.com. “While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA [multi-factor authentication] infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, cofounder and CEO of Crypto.com.

There remains little explanation of how the attack actually occurred, however. The internal investigation continues.

The company has been making a name for itself of late with partnerships with Matt Damon and Water.org, as well as its purchase of the naming rights to the Staples Center in Los Angeles.

The breach at Crypto.com is one of many hacks resulting in multimillion-dollar losses in the cryptocurrency industry. Indeed, it pales in comparison to the huge $600 million theft that hit blockchain-based platform Poly Network. That story took a strange turn when the hacker gave back all the funds.

Source: https://www.forbes.com/sites/thomasbrewster/2022/01/20/cryptocom-admits-35-million-hack/