Crypto.com finally confirms major hack, says it lost $34 million
Cryptocurrency trading platform Crypto.com has formally confirmed on Thursday that it suffered a major security breach after suspending withdrawals for more than 14 hours on Monday in an incident that has annoyed some of its users because of the company's opaque way of handling the incident.
In a statement posted on its website, the company said that hackers gained access to the accounts of 483 users on Monday, from where the intruders stole around $34 million, representing 4,836.26 ETH and 443.93 BTC.
Crypto.com said it detected the incident right away after its risk monitoring system started flagging suspicious transactions that were being approved without a two-factor authentication (2FA) challenge being inputted by the account owners.
While the company did not go into the technical details of how this was possible, Crypto.com assumed all responsibility for the hack and restored any stolen funds to the affected accounts.
Since then, the company said it has been working to shift its 2FA infrastructure to a new system.
As a result of the unexpected migration, all Crypto.com users were asked on Monday and through the week to re-login and re-setup their 2FA options.
In addition, the exchange said it also implemented a new rule for all user accounts where any new "withdrawal" address added to a profile can't be used to receive funds in the first 24 hours, a measure that would prevent hackers from emptying accounts within seconds, and give account owners a chance to spot any rogue modifications.
Monday's hack marks the first major security breach that Crypto.com has had to deal with. The company has recently invested a lot into its marketing efforts in an attempt to dethrone already-established names in the cryptocurrency exchange space like Coinbase and Binance. Currently, Crypto.com is ranked as one of the world's Top 10 cryptocurrency exchanges.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.