Crypto.com Confirms Security Breach of Customer Accounts

by Arnab Shome
  • 483 customer accounts of the exchange were hacked.
  • The exchange has already reimbursed all the victims.
cryptodotcom
Join our Crypto Telegram channel

Crypto.com confirmed on Thursday that its 483 customer accounts were hacked earlier this week as hackers breached several layers of its security.

The ‘unauthorized withdrawals’ from some of the Crypto.com user accounts were made on Monday. Additionally, the exchange revealed that a total of 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies were siphoned off from its platform.

The exchange initially halted withdrawals for around 14-hours after noticing suspicious activity with some of its accounts. But then, it stressed that all of the funds were safe.

Initially, the reports of the hack surfaced when the blockchain analytics company, PeckShield cited on-chain data to establish that around $15 million worth of Ethereum was stolen from the crypto exchange, and half of them were already washed using Tornado Cash.

Some of the exchange’s customers, including some high-profile clients, also shared on social media that Ether stored on their Crypto.com accounts had vanished.

In addition, Crypto.com confirmed that it had reimbursed all of the victims who lost funds to hackers.

“In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed,” the exchange stated.

Additional Security

Now, the exchange is adding additional layers of security to protect the stored funds of customers. It has added a mandatory 24-hour delay between registration of a new whitelisted withdrawal address and the first withdrawal.

Furthermore, it is introducing a Worldwide Account Protection Program (WAPP), offering fund protection of up to $250,000.

“While our goal is to prevent any security breaches, our industry-leading insurance policy and Worldwide Account Protection Programs offer our customers additional protection in rare instances when there is an incident,” said Jason Lau, the Chief Information Security Officer of Crypto.com.

Crypto.com confirmed on Thursday that its 483 customer accounts were hacked earlier this week as hackers breached several layers of its security.

The ‘unauthorized withdrawals’ from some of the Crypto.com user accounts were made on Monday. Additionally, the exchange revealed that a total of 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies were siphoned off from its platform.

The exchange initially halted withdrawals for around 14-hours after noticing suspicious activity with some of its accounts. But then, it stressed that all of the funds were safe.

Initially, the reports of the hack surfaced when the blockchain analytics company, PeckShield cited on-chain data to establish that around $15 million worth of Ethereum was stolen from the crypto exchange, and half of them were already washed using Tornado Cash.

Some of the exchange’s customers, including some high-profile clients, also shared on social media that Ether stored on their Crypto.com accounts had vanished.

In addition, Crypto.com confirmed that it had reimbursed all of the victims who lost funds to hackers.

“In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed,” the exchange stated.

Additional Security

Now, the exchange is adding additional layers of security to protect the stored funds of customers. It has added a mandatory 24-hour delay between registration of a new whitelisted withdrawal address and the first withdrawal.

Furthermore, it is introducing a Worldwide Account Protection Program (WAPP), offering fund protection of up to $250,000.

“While our goal is to prevent any security breaches, our industry-leading insurance policy and Worldwide Account Protection Programs offer our customers additional protection in rare instances when there is an incident,” said Jason Lau, the Chief Information Security Officer of Crypto.com.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}