Crypto.com Suffers Hack for At Least $15M in Ethereum

Cryptocurrency exchange Crypto.com has reportedly fallen victim to a hack, with at least $15 million worth of Ethereum stolen.

Despite reports of missing funds, the platform has yet to confirm that it has indeed been attacked.

With almost $3 billion in trading volume in the last 24 hours, Crypto.com is the industry’s fourth-largest centralized crypto exchange, according to CoinGecko.

A household name in Asian markets, the Singapore-based exchange recently spent $700 million to buy the naming rights to the Staples Center—the Los Angeles home venue of the NBA’s Lakers and Clippers.

On Monday, Crypto.com announced it was pausing withdrawals after “a small number of users experienced unauthorized activity in their accounts,” stressing that “all funds are safe.”

Citing the need to enhance security, the exchange also urged users to sign back into their accounts and reset their two-factor authentication (2FA).

Unpacking the Crypto.com hack

Despite users complaining about funds missing from their accounts, and Dogecoin co-founder Billy Markus pointing to “odd activity” on one of the Ethereum wallets associated with Crypto.com, the exchange announced that withdrawals had resumed at 17:42 UTC on Monday.

The events took a turn for the worse when security research company Peckshield took to Twitter in the early hours on Tuesday to reveal that Crypto.com has lost at least 4,600 ETH (around $15 million in current prices).

Peckshield added that half of the stolen funds were sent to Tornado Cash, the Ethereum-centric mixing service.

Peckshield told Decrypt via a Twitter message that the true scale of the damage is “definitely worse.”

Quite remarkably, a few hours later, Crypto.com CEO Kris Marszalek said that no customer funds were lost.

According to Marszalek, the exchange “has hardened the infrastructure in response to the incident” and “will share a full post mortem after the internal investigation is completed.”

It’s worth noting, though, that some users confirmed that the funds they claimed were missing were eventually returned to their accounts.

Decrypt has also reached to Crypto.com for comments and will update the story should we hear back.

Source: https://decrypt.co/90590/crypto-com-suffers-hack-at-least-15m-ethereum