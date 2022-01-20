Following a blocking of withdrawals after receiving several reports of “suspicious activity” in user accounts, Crypto.com, a cryptocurrency exchange based in Singapore, decides to release an official statement.

According to the company, “4,836.26 ETH, 443.93 BTC and approximately $ 66,200 in other currencies” were stolen from customer accounts. According to the current market value, the overall loss is currently estimated at approximately $ 33.8 million.

It is highlighted that the previous communications of Crypto.com have not managed to placate the spirits.

“Following the January 17 security incident, we share our findings below, along with the improvements we have made to our security infrastructure and the introduction of the Worldwide Account Protection Program.”

Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z – Crypto.com (@cryptocom) January 20, 2022

According to the official document, on January 17, 2022, around 13:46 Italian time, the risk monitoring systems of Crypto.com detected “unauthorized activities on a limited number of accounts“, reporting authorized transactions without 2FA authentication being actually entered by the user.

As detailed in the release, the exchange consequently stopped withdrawals and revoked all users’ 2FA tokens, integrating more advanced security measures and requiring everyone to log in again and reactivate the 2FA token to allow only authorized actions again. . The ability to withdraw was inactive for a total of 14 hours.

To prevent such an incident from happening again, Crypto.com claims to have implemented an extra layer of protection by requiring users to register a new whitelisted withdrawal address 24 hours in advance in order to take the operation.

“Users will be notified of the integration of the withdrawal addresses, allowing them adequate time to react and, if necessary, confirm”reports the statement.

Crypto.com CEO Kris Marszalek told Bloomberg on Wednesday that the exchange has not received any communication from regulators about the incident, adding:

“Obviously that’s a big lesson, and we’re constantly strengthening our infrastructure.”

According to PeckShield, over $ 15 million in ETH was stolen. On Monday, the blockchain security firm tweeted that about half of the funds were sent to Tornado Cash “to be recycled“. An analyst at OXT Research, a blockchain analysis company, claims that the theft cost the exchange 33 million dollars.