
Crypto.com hack revealed: Attackers stole $34 million from 483 accounts


The leading cryptocurrency exchange Crypto.com suffered a breach on its platform on 17 January, and the community had been waiting since then for a detailed analysis of the hack. While several independent analysts had uncovered parts of the heist, Crypto.com has now released a postmortem revealing the breach of around 483 accounts.

In a blog post shared earlier today, the Singapore-based exchange admitted that a total of 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other currencies were stolen. This amounted to almost $34 million at the time of writing.

However, the exchange has also claimed that no customers experienced a loss of funds. It added that while unauthorized withdrawals were blocked in most of the cases, the remaining aggrieved customers were fully reimbursed.

Two-Factor Un-authorization
The unauthorized activity was detected by the exchange in the early hours of 17 January, after which all withdrawals were suspended to prevent further losses. This caused a total downtime of around 14 hours.
The post-mortem noted that an alarm was raised when platform administrators realized that withdrawals were being initiated without the completion of Two-Factor Authentication (2FA).

“Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur.”

Shortly after the hack, an analysis carried out by security consultancy PeckShield found that the stolen ETH tokens were being laundered through Tornado Cash, which is an Ethereum mixer.
The stolen Ether was being sent through the mixer in batches of 100 tokens. Ethereum mixers break the on-chain link between the sender and recipient address, allowing users to remove their tokens’ transaction history and remain anonymous.

Later on 19 January, Bitcoin researcher ‘Ergo’ also took to Twitter to reveal that stolen Bitcoin was being laundered in a similar fashion through “a well-known BTC tumbler.”

Multi-Factored Response
In order to increase the platform’s security, Crypto.com claims to have revamped its 2FA infrastructure. It added that a shift to Multi-Factor Authentication (MFA) will be undertaken soon, for which it will be releasing additional end-user security features.

Apart from this, a mandatory 24-hour delay between the registration of a new whitelisted withdrawal address and the first withdrawal to it has also been enacted.
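
The two controls described above (no withdrawal without a completed 2FA step, and a 24-hour hold on newly whitelisted addresses) can be expressed as a fail-closed server-side check. The sketch below is an added illustration, not Crypto.com's code; the record fields, the five-minute 2FA freshness window and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

WHITELIST_DELAY = timedelta(hours=24)   # delay described in the article
TWO_FA_MAX_AGE = timedelta(minutes=5)   # assumption: how long a 2FA approval stays fresh


@dataclass(frozen=True)
class Withdrawal:                        # hypothetical request record
    account: str
    address: str
    requested_at: datetime
    two_fa_verified_at: Optional[datetime]   # None means 2FA was never completed


def authorize(w, whitelist):
    """Return (allowed, reasons); whitelist maps (account, address) -> time added.
    Fails closed: missing or inconsistent evidence is a denial, never a pass."""
    reasons = []
    if w.two_fa_verified_at is None:
        reasons.append("2fa_not_completed")
    elif not timedelta(0) <= w.requested_at - w.two_fa_verified_at <= TWO_FA_MAX_AGE:
        reasons.append("2fa_stale_or_future")
    added = whitelist.get((w.account, w.address))
    if added is None:
        reasons.append("address_not_whitelisted")
    elif w.requested_at - added < WHITELIST_DELAY:
        reasons.append("whitelist_delay_not_elapsed")
    return (not reasons, reasons)


# Constructed sample data (not from the incident).
T0 = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_WHITELIST = {
    ("acct-1", "addr-old"): T0 - timedelta(days=30),
    ("acct-1", "addr-new"): T0 - timedelta(hours=2),
}
SAMPLE_REQUESTS = [
    Withdrawal("acct-1", "addr-old", T0, T0 - timedelta(minutes=1)),
    Withdrawal("acct-1", "addr-old", T0, None),
    Withdrawal("acct-1", "addr-new", T0, T0 - timedelta(minutes=1)),
    Withdrawal("acct-1", "addr-other", T0, T0 - timedelta(hours=3)),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req.address, authorize(req, SAMPLE_WHITELIST))
```

The denial reasons double as alert fields: a burst of `2fa_not_completed` denials across many accounts is the same signal the postmortem says raised the alarm.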


As Crypto.com is the third-largest cryptocurrency spot exchange globally, the breach could have potentially translated into a full-blown PR disaster for the firm. This would have been especially harrowing since it recently spent $700 million to purchase the naming rights to the Los Angeles Lakers and Clippers Arena.

Moreover, its viral advertisements featuring Matt Damon had already run into trouble recently for being misleading to uninformed investors.

However, its quick response and reimbursement of lost funds could work in its favor when compared to how other exchanges had reacted to similar incidents. For instance, users of both Bitmart and Cream Finance, which lost $200 million and $18.8 million in similar hacks last year, have been expressing agitation over continued delays on the promised reimbursement of their lost funds.
