Crypto.com CEO Kris Marszalek has today confirmed that 400 customer accounts were hacked. He made this confession in an interview with Bloomberg TV.
According to him, there were unauthorized transactions on these accounts. He, however, confirmed that his team had taken care of the situation and reimbursed everyone whose money was stolen from their accounts.
In the wake of the incident, the company has released a report detailing the findings of its post-mortem. According to that report, 483 accounts were hacked. The unauthorized withdrawals totalled 4,836.26 ETH, 443.93 BTC, and about $66,200 in other currencies. At current exchange rates, that’s $15.3 million of ETH and $18.7 million of BTC for a total of $34.
In a Tweet by PeckShield Inc., the blockchain security analytics company estimated that Crypto.com may have lost cryptocurrency worth $15 million prior to the company’s announcement of the scale of the theft. Some 4,600 of the coins that were lost were Ethereum, and half of them are reportedly being washed, which hides a coin’s transaction history. OXT Research, a Bitcoin research firm, also said that the loss could be worth up to $33 million.
According to the report, some transactions were being approved without two-factor authentication for a small number of accounts just a few days ago. The company’s risk monitoring systems caught this. Thus, withdrawals were halted by the cryptocurrency exchange on January 16th. Some users reported that even though they had two-factor authentication activated, their cash was taken.
“No customer funds were lost,” Marszalek tweeted on January 17. The company’s infrastructure went down for about 14 hours, but his team strengthened its security in response to what happened. A report has confirmed that Crypto.com has revoked all client 2FA tokens and imposed extra security measures, which required all account users to log in again.
Crypto.com claims the action was taken because a new 2FA infrastructure was set up. As time goes on, it wants to move away from two-factor authentication and to true Multi-Factor Authentication (MFA).
A new security measure from Crypto.com also requires users to wait 24 hours before withdrawing money to a new whitelisted address. Users who want more protection for their money will be able to sign up for the Worldwide Account Protection Program (W.A.P.P) on February 1.
If a third party gets into a user’s account, WAPP can return up to $250,000 of that user’s money. The program requires customers to employ multi-factor authentication for all transactions to avoid having their devices hacked. They must have set up an anti-phishing code at least 21 days before an unauthorized transaction took place, filed a police report and given Crypto.com a copy, and completed a questionnaire to help Crypto.com with their investigation.
This coverage offered by Crypto.com is a good approach and is worthy of recognition.