Crypto.com's Chief Executive, Kris Marszalek, has admitted that hackers compromised 400 customer accounts, causing a total of $34 million in losses.
Marszalek explained that his team detected the unauthorized transactions made from the accounts, but that they'd fixed the issue immediately and fully reimbursed the affected users.
The company also released a report revealing details from its post mortem. About 483 accounts were affected and the unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in other currencies. Based on current exchange rates, that's $15.3 million of ETH and $18.7 million of BTC for a total of $34 million in losses.
The report explained that the company's risk monitoring systems detected unauthorized activity a few days ago, wherein transactions were being approved without two-factor authentication for a small number of accounts. As a result, the cryptocurrency exchange paused withdrawals on the evening of January 16th.
In another tweet posted on January 17th, Marszalek said that "no customer funds were lost," that the company's infrastructure was down for 14 hours, and that his team strengthened its security in response to what happened.
The report expounded on that last part, revealing that Crypto.com revoked all customer 2FA tokens and implemented additional security measures that required all account users to re-login.
The company said the move was necessary because it migrated to a completely new 2FA infrastructure. However, it intends to eventually move away from 2FA to true Multi-Factor Authentication (MFA).
The company has launched the Worldwide Account Protection Programme (WAPP) for users who want additional protection for their funds. It also introduced an additional security measure that requires users to wait 24 hours before they can withdraw to a newly registered whitelisted address.
WAPP can restore up to $250,000 of a participating user's money in case a third party gains access to their account. That said, to qualify for the program, users must enable multi-factor authentication on all transaction types and must not be using a jailbroken device.