After many rumors and evasive statements, the cryptocurrency platform Crypto.com has now admitted: Hackers have captured Bitcoin and Ethereum worth over 30 million US dollars.
For days, the rumor mill has been simmering around an alleged hack on the cryptocurrency platform Crypto.com. But the company has so far shied away from making a clear statement.
Now, CEO Kris Marszalek has finally admitted that hackers have captured over $30 million worth of Bitcoin and Ethereum.
Hack on Crypto.com: This is what happened
In a blog post published Thursday morning, Marszalek describes what happened.
483 users affected, withdrawals blocked for 14 hours
Accordingly, the risk systems had noticed on 17 January for the first time unauthorized activities in a few customer accounts. Transactions were approved without users having entered their own two-factor authorization (2FA). As a result, all withdrawals on the platform were blocked for about 14 hours.
A total of 483 users were affected, and the unauthorized withdrawals of Ethereum and Bitcoin amount to 4,836.26 ETH, 443.93 BTC and the equivalent of 66,200 US dollars in other cryptocurrencies.
Since then, Crypto.com have withdrawn all existing 2FA tokens from circulation. Users had to log in again and set up their two-factor authorization again.
New security structure on Crypto.com
Since then, Crypto.com has revised its security structure and 2FA. In addition, users with new accounts are now only allowed to make their first withdrawal after 24 hours. Users also receive notifications when new withdrawal addresses are added, giving them time to report suspicious activity.
In addition, the crypto exchange has launched an internal investigation to further improve security on the platform in the future. In the long term, the platform wants to expand the authorization process from a two-factor authorization to a multi-factor authorization.
Days of excuses from Crypto.com
After many excuses and evasive answers, this is the first time that Crypto.com not only confirms the hack, but also admits that customers have incurred losses.
Customers of Crypto.com had suspected for some time that something was wrong on the crypto platform, among other things because they suddenly could no longer make withdrawals.
But Crypto.com officially spoke only of a “security incident” and assured that only a few accounts were affected. On Monday evening, CEO Marszalek assured on Twitter that no customer funds were affected by the hack.
But these all seem to have been just excuses. Shortly after Marszalek’s tweet, security firm Peck Shield commented on Twitter, claiming that the losses were Crypto.com in reality amounted to $15 million in Ethereum.
These are currently on their way to the Tornado Cash platform for “washing”. Tornado Cash is a crypto tool that can hide where cryptocurrencies are sent via a “mixer”.
Finally, on Wednesday, Marszalek commented on the topic in an interview with Bloomberg, officially confirming the hack for the first time. Marszalek also admitted that about 400 accounts were affected. Today followed the blog post, with a more detailed description of the incidents.
Nevertheless, not all questions have been clarified yet. Crypto.com, for example, did not explain how the hack could have come about in the first place.
Numerous hacks on crypto exchanges in 2021
Crypto.com is another example of the increasing number of hacks on crypto exchanges. In 2021, there were 20 hacks on crypto exchange exchangesthat stole more than $10 million. In other attacks, criminals were even able to capture up to $100 million.
This is an indication that there is a lot of money moving in the crypto world and exchanges such as Crypto.com are becoming increasingly attractive to criminals.
Crypto.com is probably one of the most well-known crypto exchanges. The Singapore-based company advertises with celebrities like Matt Damon and sponsors numerous sports teams, such as the Los Angeles basketball team, the Lakers. The stadium of the Lakers is therefore now called Crypto.com Arena.