Crypto.com CEO confirms major data breach: Here’s what we know so far
Crypto.com CEO Kris Marszalek also reassured the company's customers numerous times that all of their funds were safe.
Updated: Thu, January 20, 2022 7:32pm
The CEO of Singapore-based cryptocurrency exchange platform Crypto.com, Kris Marszalek, has finally confirmed that hundreds of user accounts were compromised and that funds were stolen by hackers in a recent attack on its platform.
UPDATE: Crypto.com's internal investigation has found that the accounts of a total of 483 users were compromised in the data breach, during which unauthorised withdrawals totalling 4,836.26 ETH or 443.93 BTC ($66,200) were made. To mitigate the issue, the company has migrated to a new 2FA infrastructure. It has also introduced an additional layer of security: a mandatory 24-hour delay between the registration of a new whitelisted withdrawal address and the first withdrawal to it.
In addition, the company said that it is introducing the Worldwide Account Protection Program (WAPP), which will protect user funds in cases where a third party gains unauthorised access to an account and withdraws funds without the user's permission.
Marszalek acknowledged the hack in an interview with Bloomberg TV, in which he confirmed that a total of 400 accounts on the platform had been compromised in the recent breach. He also said that the exchange was back online after 13-14 hours of downtime and that all impacted customers had been fully reimbursed for the stolen funds.
The Crypto.com CEO followed up his interview with a tweet in which he said, "no customer funds were lost; the downtime of withdrawal infra was ~14 hours; our team has hardened the infrastructure in response to the incident." "We will share a full post mortem after the internal investigation is completed," he added.
Notably, this is the first acknowledgement of the hack by the company, which paused all withdrawals from its platform on Sunday owing to "unauthorised activity" in some accounts. "Earlier today a small number of users experienced unauthorized activity in their accounts. All funds are safe," Crypto.com wrote in a tweet on Monday. At the same time, it asked its customers to reset their two-factor authentication (2FA) and sign back into their app and exchange accounts "in an abundance of caution".
The company also reassured its customers numerous times that all of their funds were safe, which made several people believe that Crypto.com would cover all the losses instead of passing them on to the customers.
As for the losses, the Crypto.com CEO didn't share in the interview the amount that had been stolen by the hackers. He did say that the company was still conducting its internal investigation and that it would share the results once the post-mortem was complete. Reports, however, estimate the losses at between $15 million and $30 million worth of ETH. Blockchain security provider PeckShield estimates the losses to be around $15 million, while blockchain analyst firm OXT Research estimated the losses to be around $33 million, TechCrunch reported.