#Over $30 Million Stolen in Crypto.com Hack

A considerable hack occurred on the popular cryptocurrency exchange Crypto.com. The hack led to over $30 million in crypto being stolen in the form of 4,836.26 Ethereum and 443.93 bitcoin.

What Happened to Crypto.com?

The hack occurred on January 17, 2022, and the company finally issued a statement in a blog post on January 20, 2022. In it, the company addressed the hack, broke down how much crypto was stolen, and explained how it handled the situation for its users.

As of this writing, the current value of the ETH is $15.2 million, and the BTC is $18.6 million, bringing the total to $33.8 million. That’s a lot of money withdrawn directly from people who use the website to buy and sell crypto.

Thankfully for the website’s users, Crypto.com claims that everyone who had their funds stolen has been fully reimbursed for the substantial losses. 483 users were affected in total.

Of course, that’s a big blow for the company itself, but it’s good to see that it did right for its users, especially since the hack was entirely out of a user’s hands.

From the blog post, here’s what Crypto.com said happened:

On Monday, 17 January 2022 at approximately 12:46 AM UTC Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user. This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation. Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours, and withdrawals were resumed at 5:46 PM UTC, 18 January 2022.

What Is Crypto.com Doing to Fix It?

Outside of restoring funds to users, the company is also improving its security measures to prevent something like this from happening again. A hack can be incredibly damaging to customer trust, especially when you’re talking about a place where users are putting in substantial amounts of money.

First, the company added a layer of security that brings a mandatory 24-hour delay between registration of a new whitelisted withdrawal address and the first withdrawal.

Crypto.com also added what it calls a Worldwide Account Protection Program (WAPP), which it says is an “additional protection and security for user funds held in the Crypto.com App and the Crypto.com Exchange.”

Basically, it protects funds if a third party gains unauthorized access to an account and withdraws money without the user’s permission. It restores up to $250,000 for qualified users (you have to have certain things in place on your account to qualify, which is broken down in the company’s blog post).

It’ll be interesting to see if Crypto.com can keep its users’ trust or if the hack will cause them to seek another cryptocurrency exchange. It seems like the company is doing the right things to fix the problem and prevent it from happening again, but that isn’t always enough.