Crypto.com has confirmed that more than $30 million in cryptocurrency was stolen from some of its users
The hack affected the wallets of 483 users, with the thieves aiming for 4,836.26 in ether (about $15 million), 443.93 in bitcoin (roughly $18 million) and approximately $66,200 in other currencies. All those funds have been restored.
Crypto.com did not specify who was behind the attack or where it originated. But in describing the incident, it pointed to a now-remediated soft spot in its user authentication process. Risk monitoring systems had detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being entered by the user.
The company says it has completely revamped its two-factor authentication (2FA) technology.
Crypto.com originally had said that it had “a small number of users reporting suspicious activity on their accounts” and provided no further detail, stirring up speculation about what happened. The company’s profile has risen in recent months, as it secured naming rights to a Los Angeles arena and began airing commercials featuring actor Matt Damon.
The company said that after the attack occurred, it immediately engaged third-party security firms to perform additional security checks on its platform and initiated additional threat intelligence services. Eventually, the current updated 2FA system will be replaced by true Multi-Factor Authentication (MFA), providing added strength for its global user base.
Crypto.com also said it would create a Worldwide Account Protection Program (WAPP), which is designed to protect funds in case of any unauthorised third-party access to the funds without user knowledge. The program will restore funds up to USD$250,000 for qualified users.