Hacker Steals USD 15M from Crypto.com, Say Analysts; Platform Claims User Funds Weren’t Lost
Major crypto platform Crypto.com has lost millions of dollars in crypto in yesterday’s attack, claim analysts, while the platform’s CEO is assuring the public that customer funds have not been lost.
(Updated at 11:25 UTC with a tweet from CEO Kris Marszalek; updates in bold.)
Crypto.com CEO Kris Marszalek tweeted “some thoughts” on Tuesday regarding the event of the previous 24 hours. The first thing he noted is that “no customer funds were lost” in the incident. However, he made no mention of any other funds being stolen.
Meanwhile, blockchain security and data analytics company PeckShield argued that Crypto.com actually lost some USD 15m in the incident. “At least” ETH 4,600 (USD 14.53m) is included in that sum. Half of this, claims the company, is “currently being washed” via decentralized mixer protocol Tornado Cash.
Yet, both Marszalek’s and PeckShield statements could be true at the same time.
Cryptonews.com has reached out to Crypto.com for comment.
Marszalek said that there will be a full postmortem report shared after “the internal investigation is completed,” without providing further details on the incident.
What he did share among his “thoughts” is that the team “hardened” the infrastructure in response to this event, and that “the downtime of withdrawal infra was ~14 hours.”
At 10:17 UTC on Tuesday morning, the CEO tweeted that the platform has re-enabled the whitelisting of new addresses. Furthermore, the team introduced an additional layer of security, Marszalek said: “there is now a 24 hour delay between registration of a new whitelisted address and first withdrawal.”
As reported, Crypto.com said yesterday that it had temporarily suspended withdrawals due to “unauthorized activity” in “a small number” of user accounts. In comments, several users claimed that their accounts had been hacked and their funds stolen.
The withdrawal services have since been restored.
Withdrawals have been resumed.— Kris | Crypto.com (@kris) January 17, 2022
Please allow us some time to catch up with the backlog accumulated over the last couple of hours.
The team also beefed up the 2FA systems to deal with increased traffic.
Thank you for your patience. https://t.co/UA4vO5I4ZW
And while many are praising the platform’s response and what they find to be full transparency, others are arguing the exact opposite, claiming that Crypto.com failed to share relevant information – including how much (and which) money they have lost.
Meanwhile, Crypto.com also announced that it made a five-year partnership with the Australian Football League (AFL), which will see Crypto.com become the Official Cryptocurrency Exchange and Official Cryptocurrency Trading Platform of AFL and AFLW (AFL Women’s).
The platform also said that its investment arm, Crypto.com Capital, hired technology journalist Jon Russell as the fund’s newest Asia-based partner. The USD 200m fund was launched in March 2021 to invest in early-stage startups. “Crypto.com Capital now at [USD] 500m — backing founders building the future of the internet,” Marszalek tweeted today.
At 9:26 UTC, Crypto.com’s native token CRO was trading at USD 0.44 and was down 3% in a day and less than 1% in a week.
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– 1B Crypto Users, Friendlier Regulations, Countries Adopting Crypto – Crypto.com’s 2022 Predictions
– Crypto.com To Boost US Presence With a USD 216M Deal
– CRO Rallies as Crypto.com Scores USD 700M Arena Deal
– Watch How Matt Damon Helps Crypto.com Spend USD 100M On Global Campaign
– Crypto.com Aiming to Hit 100 million User Target by 2023 as CRO Surges