- Crypto.com has seemingly blamed its 2FA infrastructure following a $34 million hack this week
- Hackers took BTC, ETH and stablecoins from 483 users this week
- Victims have been refunded and Crypto.com has announced several steps to beef up security
Crypto.com has blamed issues with its 2FA infrastructure for this week’s hack, which saw some $34 million stolen from the platform. The post mortem report stated that, of the almost 500 victims, only a “small number of users” had their funds stolen, and these were refunded, while the vast majority were impacted no further than their accounts being accessed. Crypto.com said it will migrate to a new multi-factor authentication protocol in the wake of the hack while introducing other measures to protect users.
Hackers Stole BTC, ETH, and Stablecoins
Crypto.com users fell victim to a hack earlier this week in which some accounts were breached and attackers attempted to withdraw funds, seemingly with partial success. The post mortem, published yesterday, states that the hack was indeed very successful:
“The incident affected 483 Crypto.com users. Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies.”
This totals some £34 million at today’s prices, which was all funnelled into mixing services to obscure its origins.
Crypto.com said that it was alerted when some transactions were being performed “without the 2FA authentication control being inputted by the user”, suggesting that hackers had obtained remote control of the targeted accounts. No further details are given on how these unauthenticated logins might have occurred, although the 2FA infrastructure seems to have been the culprit. Malware attacks on unsuspecting users were not ruled out.
Crypto.com to Overhaul Authentication and Withdrawals
As a result of the hack, Crypto.com said it would tighten its withdrawal policies, including a 24-hour delay on all new withdrawal addresses, as well as overhauling its 2FA processes:
“Crypto.com will be releasing additional end-user security features as we move away from 2-Factor Authentication and to true Multi-Factor Authentication (MFA), providing added strength for our global user base.”
Crypto.com also announced that it is introducing the Worldwide Account Protection Program (WAPP), which “offers additional protection and security for user funds held in the Crypto.com App and the Crypto.com Exchange” and offers account protection up to $250,000 for “qualified users.”
As to who the hackers were, no information has been forthcoming, although security firms have been enlisted to track the funds where possible.