Days After Alleged $33M Hack, Crypto.com Is Still Silent
Reports from on-chain analysts suggest that around $33 million was stolen.
- Crypto.com suffered from "suspicious activity" on Monday. Analysts estimated that the exchange was hacked for around $33 million.
- Contrary to the on-chain data, the exchange says that all customer funds are safe.
- It's due to publish a post-mortem report soon.
Share this article
Crypto.com is yet to post a full statement regarding its Monday hack. Multiple on-chain analysts have reported that hackers walked away with $33 million in Bitcoin and Ethereum after targeting the exchange.
Crypto.com Yet to Provide Clarity
Crypto.com froze all withdrawals following a suspicious incident two days ago, in what was believed to be a multi-million dollar hack. The exchange is yet to post a full statement on what happened.
Details of the incident first emerged early Monday when the exchange posted a tweet confirming that “a small number of users” had reported “suspicious activity” on their accounts. It also paused withdrawals for 13 hours before reiterating that “all funds are safe.”
Update: Withdrawal services have been restored.
All funds are safe.
It will take time to clear the backlogs. We appreciate your patience. https://t.co/ZKMfyTMebi
— Crypto.com (@cryptocom) January 17, 2022
Multiple customers responded to the posts claiming that funds had disappeared from their wallets. Ben Baller responded to the announcement claiming that 4.28 ETH had been stolen from his wallet despite Crypto.com’s two-factor authentication system. Another user posting under the pseudonym BitMiss said that they had lost “over 24 ETH.”
On Tuesday, security firm PeckShield posted a tweet claiming that 4,600 Ethereum worth roughly $14.6 million had been stolen. It also said that the hackers had been funneling a portion of the takings through Tornado.Cash, an Ethereum mixer for transactional privacy. Hackers often use Tornado.Cash to move stolen funds to a “clean” address. Etherscan data shows a wallet believed to be connected to the hack has funneled 4,830 ETH through Tornado.Cash on Jan. 18.
Today, another on-chain analyst from OXT Research who posts under the alias Ergo shared a report suggesting that 444 Bitcoin had been stolen in addition to the Ethereum. They also said that the hacker had moved the funds through a Bitcoin tumbler. 444 Bitcoin is worth around $18.4 million, which would put the total hack value at $33 million if the reports are accurate.
Centralized cryptocurrency exchanges frequently use hot wallets to store funds, which may explain how the firm was hacked. Hot wallets are widely considered less secure than cold wallets as they stay connected to the Internet. In August, the crypto exchange Liquid lost $97 million after its hot wallets were hacked. AscendEX also lost $77.7 million in a similar incident last month.
Besides the two initial Monday tweets, Crypto.com has not yet published an official follow-up despite staying active on its social media channels. The firm’s CEO, Kris Marszalek, has insisted that “no customer funds were lost” and that the exchange had “hardened” its infrastructure. He also said that it would share a post-mortem report on the incident.
Crypto.com first reported on the suspicious activity at 4:44 UTC Monday. That was 58 hours ago.
Note: Crypto.com did not respond to Crypto Briefing’s request for comment at press time.
Disclosure: At the time of writing, the author of this piece owned ETH and other cryptocurrencies.