Users Panic For 14 Hours

Crypto.com detected a series of unauthorized activities in the early hours of January 17th and immediately suspended all withdrawals to avoid further losses. Overall, the platform was blocked for security reasons for about 14 hours, during which its users were left in a kind of limbo, waiting to learn what had happened to their money.

The administrators' investigation established that, out of the blue, substantial withdrawals from the platform had begun to appear without the two-factor authentication (2FA) procedure being completed correctly. Crypto.com said it had “revoked all user 2FA tokens and added additional security strengthening measures, requiring all customers to log in and reset their 2FA token, to ensure only authorized activity occurs”.

Hundreds of ETH and BTC Already “Recycled”

Shortly after the hack was discovered, an analysis by the cyber-security consultancy PeckShield showed that the stolen Ethereum tokens were being laundered through Tornado Cash, a sort of “scrambler” for the ETH blockchain that prevents tracing systems from identifying the beneficiaries of the latest transactions.

The stolen ETH was sent through the mixer in batches of 100 tokens. Ethereum mixers break the on-chain link between the sender and recipient addresses, allowing users to remove their tokens' transaction history and remain anonymous. A little later, on January 19, the Bitcoin research firm “Ergo” also sounded the alarm on Twitter, revealing that stolen BTC had similarly been laundered through “a well-known tumbler”.

Security Countermeasures

To increase the security of its platform, Crypto.com claims to have revamped its 2FA infrastructure. The company added that a new multi-factor authentication (MFA) step will soon be introduced and that additional security features will be released for end users. However, we remind you that this was a fraudulent breach of the world's third-ranked cryptocurrency exchange, a breach that could therefore have turned into a real disaster, and not only for the company.

Crypto.com is well known in the US for having recently acquired the naming rights to the Los Angeles Lakers and Clippers arena for the modest sum of 700 million dollars. Furthermore, its viral ads with Matt Damon had already recently attracted the attention of the authorities, who consider them misleading to unsuspecting investors.

It’s Not the First Time This Has Happened

To Crypto.com's credit, however, we must note its rapid response to the attack, which at least limited the damage. Similar incidents had already happened to other exchanges in the past. Last year, Bitmart and Cream Finance users saw $200 million and $18.8 million respectively vanish into thin air, and many are still awaiting the promised repayment of lost funds.