Crypto.com Refunds Users After 483 Accounts Were Hacked

  • According to the company, the hacker stole “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” from 483 accounts.
  • In order to prevent future attacks, Crypto.com has implemented a new layer of security called “Worldwide Account Protection Program (WAPP)”.

Popular crypto exchange Crypto.com suffered a security breach on Monday in which 483 users lost around $34 million in digital assets, the company said in a blog post on 20 January.

According to the announcement, the hacker was able to take “4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies” from 483 Crypto.com customer accounts, with the total value of the stolen assets being around $34 million. The blog post also revealed that “there was no loss of customer funds” as all affected accounts have already been “fully reimbursed”. The chief information security officer of the exchange, Jason Lau, said in a statement:

“Crypto.com is a leader in security and compliance, including our recent SOC 2 announcement. While our goal is to prevent any security breaches, our industry leading insurance policy and Worldwide Account Protection Programs offer our customers additional protections in rare instances when there is an incident.”

On Monday, after reports of suspicious activity on customer accounts, Crypto.com paused all withdrawals from the platform for around 14 hours. The exchange quickly realized that a small number of transactions were being authorized without the two-factor authentication (2FA) code being entered, which forced it to revoke all 2FA tokens. After this, customers were allowed to trade only after logging in again and reactivating their 2FA tokens.

In order to prevent future attacks, the exchange claims to have implemented a new layer of protection, called the “Worldwide Account Protection Program (WAPP)”, which will require traders to whitelist a withdrawal address at least 24 hours before withdrawing funds. If a third party gains unauthorized access to these accounts, the exchange will be able to restore “up to USD$250,00” to qualified users.
