Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » Crypto.com Confirms $34M Hack Without Explaining Cause

Crypto.com Confirms $34M Hack Without Explaining Cause

by

The exchange says it will implement a new account protection program going forward. 

Crypto.com Confirms $34M Hack Without Explaining Cause
Shutterstock cover by husjur02

Key Takeaways

  • Crypto.com has confirmed that it lost $34.4 million to hackers Monday.
  • However, the exchange has not explained how attackers were able to access its users' accounts and bypass two-factor authentication.
  • In response, Crypto.com has introduced additional security for withdrawals, and launched a new Worldwide Account Protection Program.

Share this article

Crypto.com has confirmed it was hacked for $34 million Monday but is yet to explain how an attacker was able to bypass accounts’ two-factor authentication to steal the funds. 

Crypto.com Confirms Hack

Crypto.com was hacked but hasn’t revealed how it happened. 

The leading crypto exchange has addressed reports that it was hacked in a Thursday blog post, confirming that an attacker drained 4,836.26 ETH,443.93 BTC, and approximately $66,200 of other currencies from its users’ accounts. The stolen funds total approximately $34.4 million at press time. 

The blog post explained that on Monday, Jan. 17, at approximately 00:46 UTC, the exchange’s risk monitoring systems detected unauthorized activity on a small number of user accounts. 

According to the announcement, an attacker found a way to approve transactions without the two-factor authentication control being inputted by account holders. This resulted in 483 Crypto.com users losing funds from their accounts. The exchange reaffirmed comments made by the firm’s CEO, Kris Marszalek, that any accounts found to be impacted were fully restored, resulting in no loss of funds for users. 

While Crypto.com has confirmed the reports of a hack from several analysts and blockchain security firms, the exchange did not explain how the hacker gained access to users’ accounts and bypassed their two-factor authentication. 

In response to the incident, Crypto.com has added an additional layer of security to withdrawals. Users will now need to wait 24 hours after registering a new withdrawal address before transferring funds to it. “Users will receive notifications that withdrawal addresses have been added to give them adequate time to react and respond,” the blog post reads. The exchange also says it has engaged with third-party security firms to perform additional security checks.

In the same post, Crypto.com also announced the introduction of its new Worldwide Account Protection Program. The program promises to restore funds up to $250,000 for qualified users in the event of fraud or theft. To qualify, users must meet a series of criteria, such as having two-factor authentication enabled on all transactions and filing a report with local police. 

The undisclosed security breach that led to the Crypto.com hack comes less than three months after the exchange completed a Service Organization Control 2 Audit. The audit was conducted by consulting firm Deloitte and affirmed that Crypto.com’s information security practices, policies, procedures, and operations meet sufficient SOC2 standards. 

Disclosure: At the time of writing this feature, the author owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.