Reading time: ~2 m
On January 17, Crypto.com cryptocurrency platform suspended withdrawals due to “suspicious activity” on user accounts. The company assured that customer funds are safe, however, according to PeckShield analysts, this is a hacker attack, during which more than $15 million was stolen.
The @cryptocom loss is about $15M with at least 4.6K ETHs and half of them are currently being washed via @TornadoCash https://t.co/PUl6IrB3cp https://t.co/6SVKvk8PLf pic.twitter.com/XN9nmT857j
— PeckShield Inc. (@peckshield) January 18, 2022
“Several users have reported suspicious activity on their accounts, we will be suspending withdrawals shortly as our team investigates. All funds are safe,” wrote Crypto.com.
A few hours later, users were asked to log into their accounts and reset their two-factor authentication (2FA) settings.
At approximately 19:00 Moscow time, the CEO of the platform, Chris Marszalek, said that technical specialists were conducting final checks – the withdrawal function was restored after an hour and a half.
Marszalek said the downtime was about 14 hours. The CEO emphasized that no client funds were lost and the team took steps to strengthen the infrastructure.
Some thoughts from me on the last 24 hours:
— no customer funds were lost
— the downtime of withdrawal infra was ~14 hours
— our team has hardened the infrastructure in response to the incident
We will share a full post mortem after the internal investigation is completed.
– Kris | Crypto.com (@Kris_HK) January 18, 2022
Nevertheless, PeckShield experts claim that hackers withdrew 4600 ETH from the platform (~$15.05 million at the current exchange rate). At the time of writing, the address labeled by Etherscan as belonging to the attacker holds 1.17 ETH — the rest of the assets have been sent to the Tornado Cash mixer.
CertiK also reported that Crypto.com was hacked. Startup analysts claim that more than 282 users were affected during the incident — 4836 ETH (~$15.82 million) was withdrawn from their accounts.
Using SkyTrace, we can see that the hacker is moving the stolen funds to Tornado Cash
Check it out yourself using this link 👇https://t.co/hgWz2TU0NA pic.twitter.com/1pO9NuakRN
— CertiK Security Leaderboard (@certikorg) January 18, 2022
Clients of the platform also announced the loss of funds. So, more than 17 ETH was allegedly stolen from one of the users.
My wife had 17.43 ETH wiped within minutes without her authorization. She has 2FA. She is in panic mode. We tried contacting the chat but no help.
— Yugesh Bhattarai (@yougesify) January 17, 2022
Earlier, Crypto.com announced an increase in insurance coverage of users’ assets to $750 million. The program was implemented in partnership with Arch Underwriting, an insurance market participant Lloyd’s.
Recall that in January 2022, hackers withdrew assets worth $18.2 million from the hot wallets of the sports NFT platform Lympo.
#Analysts #reported #Cryptocom #hack #company #denied #loss #funds