Crypto.com CEO Kris Marszalek downplayed Monday’s “unauthorized activity” event, saying more information will come after the results of an internal investigation.
Some users reported suspicious account activity in the previous days, which led the exchange to suspend withdrawals. According to Bloomberg, tens of thousands of dollars were lost in Crypto.com accounts as a result.
However, giving an update, Marszalek says no user funds were lost.
Conflicting loss reports
As the event unfolded, Crypto.com tweeted a brief explanation of what was happening, along with a takedown suspension notice. The tweet also assured users that all funds are safe.
We have a small number of users reporting suspicious activity on their accounts.
We will be suspending withdrawals shortly as our team is investigating. All funds are safe.
— Crypto.com (@cryptocom) January 17, 2022
Crypto.com works with a $750 million insurance policy. However, the details of the policy, such as clauses, are not detailed by the company.
In response to the tweet above, influencer Ben Baller expressed frustration with his poor customer service experience after reporting stolen funds amounting to approximately $13,500. Baller asked how the authors were able to circumvent two-factor authentication.
“I messaged your guys hours ago about my account getting 4.28 ETH stolen out of nowhere and I’m also wondering how they did the 2FA?“
This response was followed by others saying they too had lost funds. A user claims to have lost 1.2 BTC ($36,700) over four separate unauthorized withdrawals.
Blockchain security firm Peckshield weighed in with an explosive claim that the losses far exceed those originally reported by Bloomberg.
According to Shield, the hack costs $15 million. Their tweet shows the analysis of stolen ETH addresses sent to Tornado Cash addresses.
the @cryptocom the loss is around $15 million with at least 4.6,000 ETH and half of it is currently washed through @TornadoCash https://t.co/PUl6IrB3cp https://t.co/6SVKvk8PLf pic.twitter.com/XN9nmT857j
— PeckShield Inc. (@peckshield) January 18, 2022
By using mixing protocols, like Tornado Cash, hackers can hide the “paper trail” on the chain linking the source address and destination address, thereby laundering stolen funds.
Crypto.com boss thanks community for support
In response to today’s incident, Marszalek said no client funds were lost, withdrawals were restored within 14 hours, and they tightened security in response. He also said he would provide more information once investigations are completed.
A few thoughts from me on the last 24 hours:
– no customer funds were lost
– infra withdrawal downtime was about 14 hours
– our team reinforced the infrastructure in response to the incident
We will share a full autopsy once the internal investigation is complete.
—Kris | Crypto.com (@Kris_HK) January 18, 2022
Hours later, Marszalek posted another tweet thanking for the support and making the incident an opportunity to improve Crypto.com’s security procedures.
“I am particularly satisfied with two things:
– the support we have received from the community both publicly and in DMs
– the opportunity that this incident gave us to further strengthen our system
We learn, we improve, we move forward without being discouraged.
Whenever high profile exchange hacks occur, crypto users are reminded of the third party risk involved when dealing with centralized exchanges.
We are awaiting the results of the investigation.
With a summary of the most important daily stories in the world of crypto, DeFi, NFT and more.
Get a edge in the crypto-asset market
Access more crypto information and context in every article as a paying member of CryptoSlate edge.
Sign up now for $19/month Discover all the benefits