Crypto.com Refunds Users After 483 Accounts Were Hacked

  • According to the company, the hacker stole “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” from 483 accounts.
  • In order to prevent future attacks, Crypto.com has implemented a new layer of security called “Worldwide Account Protection Program (WAPP)”.

Popular crypto exchange Crypto.com suffered a security breach on Monday, which saw 483 users lose around $34 million in digital assets, the company said in a blog post on 20 January.

According to the announcement, the hacker was able to take “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” from 483 Crypto.com customer accounts, with the total value of the stolen assets being around $34 million. The blog post also revealed that “there was no loss of customer funds” as all affected accounts have already been “fully reimbursed”. The chief information security officer of the exchange, Jason Lau, said in a statement:

“Crypto.com is a leader in security and compliance, including our recent SOC 2 announcement. While our goal is to prevent any security breaches, our industry leading insurance policy and Worldwide Account Protection Programs offer our customers additional protections in rare instances when there is an incident.”

On Monday, after reports of suspicious activity on customer accounts, Crypto.com decided to pause all withdrawals from the platform, a pause that lasted for around 14 hours. The exchange quickly realized that a small number of transactions were being authorized without the two-factor authentication (2FA) being entered, which forced it to revoke all 2FA tokens. After this, customers were allowed to trade only after logging back in and reactivating their 2FA tokens.

In order to prevent future attacks, the exchange claims to have implemented a new layer of protection — called the “Worldwide Account Protection Program (WAPP)” — which will require traders to whitelist a withdrawal address at least 24 hours before withdrawing funds. If a third party gains unauthorized access to these accounts, the exchange will be able to restore “up to USD$250,00” to qualified users.
