Popular crypto exchange Crypto.com suffered a security breach on Monday, which saw 483 users lose around $34 million in digital assets, the company said in a blog post on 20 January.
According to the announcement, the hacker was able to take “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” from 483 Crypto.com customer accounts, with the total value of the stolen assets being around $34 million. The blog post also revealed that “there was no loss of customer funds” as all affected accounts have already been “fully reimbursed”. The chief information security officer of the exchange, Jason Lau, said in a statement:
“Crypto.com is a leader in security and compliance, including our recent SOC 2 announcement. While our goal is to prevent any security breaches, our industry leading insurance policy and Worldwide Account Protection Programs offer our customers additional protections in rare instances when there is an incident.”
On Monday, after reports of suspicious activity on customer accounts, Crypto.com paused all withdrawals from the platform for around 14 hours. The exchange quickly realized that a small number of transactions were being authorized without the two-factor authentication (2FA) code being entered, which forced it to revoke all 2FA tokens. After this, customers were allowed to trade only after logging back in and reactivating their 2FA tokens.
In order to prevent future attacks, the exchange claims to have implemented a new layer of protection, called the “Worldwide Account Protection Program (WAPP)”, which will require traders to whitelist a withdrawal address at least 24 hours before withdrawing funds. If a third party gains unauthorized access to these accounts, the exchange will be able to restore “up to USD$250,00” to qualified users.