The CEO of Singapore-based cryptocurrency exchange platform Crypto.com, Kris Marszalek, has finally confirmed that the accounts of hundreds of user accounts were compromised and funds had been stolen by hackers in a recent attack on its platform. Also Read - Crypto regulations will take time, says Finance Minister Nirmala Sitharaman
UPDATE: Crypto.com in its internal investigation has found out that the accounts of a total of 483 users were compromised in the data breach during which unauthorised withdrawals totaling to 4,836.26 ETH or 443.93 BTC ($66,200) were made. To mitigate the issue the company has migrated to a new 2FA infrastructure. It has also introduced an additional layer of security that would entail a mandatory 24-hour delay between registration of a new whitelisted withdrawal address and the first withdrawal. Also Read - FM Nirmala Sitharaman says biggest risk of crypto is laundering, terror financing
In addition to that the company said that it is introducing the Worldwide Account Protection Program (WAPP), which will protect user funds in cases where a third party gains unauthorised access to their account and withdraws funds without the user’s permission. Also Read - Crypto tax after March 31: Should you withdraw or stay put?
Marszalek acknowledged the hack in an interview with Bloomberg TV wherein he confirmed that a total of 400 accounts on its platform had been compromised in the recent breach. He also said that the exchange was back online after 13-14 hours of downtime and that all impacted customers had been fully reimbursed with the stolen funds.
JUST IN: CEO @cryptocom’s Kris Marszalek discusses the site’s recent hack with @BloombergTV’s @emilychangtv. “Customer funds were never at risk.” #TheYearAhead pic.twitter.com/YlCtGO60t5
— Bloomberg Live (@BloombergLive) January 19, 2022
The Crypto.com CEO doubled down on his interview with a tweet wherein he said, “no customer funds were lost…the downtime of withdrawal infra was ~14 hours…our team has hardened the infrastructure in response to the incident.” “We will share a full post mortem after the internal investigation is completed,” he added.
Some thoughts from me on the last 24 hours:
– no customer funds were lost
– the downtime of withdrawal infra was ~14 hours
– our team has hardened the infrastructure in response to the incidentWe will share a full post mortem after the internal investigation is completed.
— Kris | Crypto.com (@Kris_HK) January 18, 2022
Notably, this is the first acknowledgement of the hack by the company which paused all withdrawals from its platform on Sunday owing to “unauthorised activity” in some accounts. “Earlier today a small number of users experienced unauthorized activity in their accounts. All funds are safe,” Crypto.com wrote in a tweet on Monday. At the same time, it asked its customers to reset their two-factor authentication (2FA) and sign back into their app and exchange accounts “in an abundance of caution”.
The company also reassured its customers numerous times that all of their funds were safe, which made several people believe that Crypto.com would cover all the losses instead of passing them on to the customers.
1/2
Earlier today a small number of users experienced unauthorized activity in their accounts. All funds are safe.In an abundance of caution, security on all accounts is being enhanced, requiring users to:
-Sign back into their App & Exchange accounts
-Reset their 2FA— Crypto.com (@cryptocom) January 17, 2022
As far as the losses are concerned, the Crypto.com CEO didn’t share the amount that had been stolen by the hackers in the interview. However, he did say that the company was still conducting its internal investigation and that it would share the results once the post-mortem was complete. However, reports estimate the losses between $15 million worth of ETH to $30 million worth of ETH. Blockchain security provider PeckShield estimates the losses to be around $15 million. While blockchain analyst firm OXT Research estimated the losses to be around $33 million, TechCrunch reported.
