Is the Crypto.com “unauthorized activity” event bigger than first thought?
There are conflicting reports regarding the loss of user funds. More will be known as internal investigations conclude.
Crypto.com CEO Kris Marszalek plays down Monday’s “unauthorized activity” event, saying more information will come following the results of an internal investigation.
Some users reported suspicious account activity in the days preceding, leading to the exchange suspending withdrawals. According to Bloomberg, tens of thousands of dollars were lost from Crypto.com accounts as a result.
However, in giving an update, Marszalek says no user funds were lost.
Conflicting reports of losses
As the event unfolded, Crypto.com tweeted a brief explanation of what was happening, along with a notice on withdrawal suspension. The tweet also assured users that all funds are safe.
Crypto.com operates with a $750 million insurance policy. However, the specifics of the policy, such as clauses, are not detailed by the firm.
Replying to the above tweet, influencer Ben Baller expressed frustration over his poor customer service experience after reporting stolen funds amounting to approximately $13,500. Baller asked how the perpetrators were able to bypass two-factor authentication.
“I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got passed the 2FA?“
This reply was followed by others saying they, too, had lost funds. One user claims to have lost 1.2 BTC ($36,700) over four separate unauthorized withdrawals.
Blockchain security firm Peckshield weighed in with a bombshell claim that losses far exceed those initially reported by Bloomberg.
According to Peckshield, the hack comes in at $15 million. Their tweet shows address analysis of stolen ETH being sent to Tornado Cash addresses.
Using mixer protocols, like Tornado Cash, hackers can obscure the on-chain “paper trail” linking the source address and destination address, thus laundering the stolen funds.
Crypto.com boss thank the community for its support
Responding to the incident today, Marszalek said no customer funds were lost, withdrawals were reinstated within 14 hours, and they have upped security in response. He also said he would give more information once the investigations are finished.
Hours later, Marszalek put out another tweet conveying thanks for the support and spinning the incident as an opportunity to improve Crypto.com’s security procedures.
“I’m particularly happy with two things:
– the support we received from the community both publicly and in DMs
– the opportunity this incident gave us to further strengthen our setup
We learn, we improve, we move forward undeterred.”
Whenever high-profile exchange hacks occur, crypto users are reminded of the third-party risk involved when dealing with centralized exchanges.
We await the results of the investigation.