Crypto.com admits a $ 35 million attack

Crypto.com admits $ 35 million attack - crypto.com TOKEN CROCrypto.com, one of the largest and best-known cryptocurrency exchanges in the world now backed by superstar actor Matt Damon, admitted that 483 of its users were affected in a hack earlier this month, leading to unauthorized withdrawals. of bitcoin and Ether for a value of 35 million dollars. The company originally said $ 15 million was taken in the theft.

2-factor authentication required

“On January 17, 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts,” Cyrpto.com wrote in a post on Thursday. “Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to resolve the issue. No customer has suffered a loss of funds. In most cases we have prevented unauthorized withdrawals, and in all other cases customers have been fully refunded ”.

The company said Monday saw that for a handful of accounts, transactions were approved without the second authentication factor (the one-time additional code besides the password that allows access to an account) being entered by a user. While he was investigating, all withdrawals on Crypto.com were put on hold, for 14 hours. He then required all customers to log in again and go through a new two-factor authentication process.

As an additional measure, Crypto.com has introduced a feature which means that when a new address is added as a beneficiary of an account, the user will be notified and will have 24 hours to cancel any payment if they have not authorized it.

Internal investigation continues

Finally, it announced the Worldwide Account Protection Program (WAPP), promising to restore funds of up to $ 250.000 for users who qualify. To qualify, users must use multi-factor authentication and have submitted a police report which can show Crypto.com. “While we are reminded of the existence of bad actors committing fraud, this new Worldwide Account Protection Program, together with our new MFA [multi-factor authentication] infrastructure, gives our users unprecedented protection of their funds, and we hope , peace of mind, ”said Kris Marszalek, co-founder and CEO of Crypto.com.

Little remains in the way of explaining how the attack actually occurred, however. Internal investigation continues. The company recently made a name for itself through partnerships with Matt Damon and Water.org, as well as acquiring the naming rights to the Staples Center in Los Angeles.

The Crypto.com hack is one of the many hacks that have resulted in multimillion-dollar losses in the cryptocurrency industry. In fact, it pales in comparison to the massive $ 600 million theft that hit the blockchain-based platform Poly Network. That story took a strange turn when the hacker returned all the funds.