Menu

Search

  |   Technology

Menu

  |   Technology

Search

Crypto.com hackers stole over $30 million following after bypassing 2FA for 483 users

Photo credit: Kanchanara / Unsplash

Crypto.com confirmed that 483 users were affected by a hacking incident detected earlier this week. The cryptocurrency exchange platform said the culprits stole more than $30 million, but that no customers lost money.

“On Monday, 17 January 2022 at approximately 12:46 AM UTC Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the [two-factor authentication] control being inputted by the user,” Crypto.com said in a blog post on Thursday. The company said it promptly detected the suspicious activities, resulting in the temporary suspension of withdrawals for about 14 hours while they investigated the incident on Tuesday.

Hackers took 4,836.26 ETH (around $13.8 million), 443.93 BTC (around $17.2 million), and about $66,200 in other cryptocurrencies. But Crypto.com said no customers suffered a loss of funds because most of the unauthorized transactions were blocked, while the rest of the affected users were reimbursed.

Immediately upon detecting the suspicious withdrawals, Crypto.com said it revoked all 2FA tokens. It required users to refresh their logins so they could set up new 2FA tokens. The platform also introduced immediate changes in its security measures. Starting Jan. 18, Crypto.com users who will register a new whitelisted withdrawal address will have to go through a mandatory 24-hour delay before making their first successful withdrawal.

The company said it had conducted first-party and third-party security checks to test its platform’s security. Crypto.com also confirmed it will introduce new end-user security features as part of its plan to transition from 2FA to multi-factor authentication.

Following the hacking incident, Crypto.com also launched the Worldwide Account Protection Program (WAPP) to protect funds being transacted through its services. In case of future security breaches, WAPP would help affected customers to retrieve up to $250,000 of compromised funds.

However, users will have to qualify for WAPP. Crypto.com will require customers to enable MFA for all transactions, have an anti-phishing code set up 21 days before the reported unauthorized activity, provide a copy of a police report of the incident, and answer a questionnaire for forensic investigation.

Photo by Kanchanara on Unsplash

  • Market Data
Close

Welcome to EconoTimes

Sign up for daily updates for the most important
stories unfolding in the global economy.