S'pore-based Crypto.com CEO says about 400 accounts were hacked, all affected customers have been reimbursed

Unauthorised withdrawals totalled S$41.72 million.

Jean Chien Tay | January 21, 2022, 12:18 PM


Singapore-based cryptocurrency trading platform Crypto.com has confirmed that about 483 customer accounts were compromised after the platform was hacked recently.

According to the company's blog post on Jan. 20, unauthorised withdrawals from users' accounts totalled 4,836.26 Ethereum (ETH), 443.93 Bitcoin (BTC), and about US$66,200 (S$89,137) in other currencies.

In total, the company lost about S$41.72 million in the recent breach, as per the exchange rates at the time of writing.

Users of the crypto exchange reported losses in Ethereum (ETH) and other cryptocurrencies, and crypto influencer Ben Baller said he lost about 4.28 ETH (about S$17,900) in the incident.

https://twitter.com/BENBALLER/status/1482955116416172033

The company previously mentioned in multiple tweets that "all funds are safe".

However, on Jan. 19, the crypto exchange's chief executive officer (CEO) Kris Marszalek said in an interview with Bloomberg that all customers that were affected had been reimbursed.

The company is one of the largest crypto exchanges, with over 10 million users.

Withdrawal services down for 14 hours

Crypto.com first acknowledged the breach on Jan. 17, taking to Twitter to announce that they were suspending withdrawals after "a small number of users" reported suspicious activities on their account.

"All funds are safe," the company added.

About eight hours later, the company reiterated that all funds were secure and announced that they had "enhanced" the security of all accounts.

As a result of the security update, users were required to sign back into their account and reset their Two Factor Authentication (2FA). The company also said that withdrawals would be resumed once the update had been completed.

Tweeting at 1.42am on Jan. 18, Crypto.com said they had restored withdrawal services and repeated for a third time that "all funds are safe".

Later that day, the company's CEO confirmed that withdrawal services were down for about 14 hours and said his team had "hardened the infrastructure" after the incident.

In an interview at Bloomberg's "Year Ahead" virtual summit, Marszalek said the incident was a "great lesson", adding that his company was "continuously strengthening" their infrastructure.

"Given the scale of the business, these numbers (losses from the hack) are not particularly material and customer funds were not at risk," he said.

Regulators have not reached out

Meanwhile, Marszalek said that he had not received any "outreach" from regulators regarding the hacking incident, Bloomberg reported.

He said he was prepared to share information on the hack if the authorities had any relevant inquiries.

The company is currently awaiting licence approval from the Monetary Authority of Singapore (MAS), after moving its headquarters from Hong Kong to Singapore in 2021.

Marszalek said Singapore is "very supportive of blockchain technology and (the) cryptocurrency industry", adding that the country is a "great place" for people in the industry.

The company was previously affected by MAS's ban on public advertising of crypto products, as they had placed a billboard at a popular shopping area.

MAS said in a press release on Jan. 17 that cryptocurrency service providers should not advertise to the general public, adding that trading cryptocurrency is "highly risky and not suitable for the general public".

New measures

In their blog post, Crypto.com mentioned several new security measures, such as revoking users' 2FA, requiring them to sign in again and adding a "mandatory 24-hour delay" for withdrawals to newly added crypto addresses.

The company added that they have plans to implement a new authentication method -- Multi-Factor Authentication (MFA).

Additionally, the company introduced a "Worldwide Account Protection Program (WAPP)", to "protect" the funds of qualified users.

Under the WAPP, qualified users can be reimbursed up to US$250,000 (S$336,622), if their account falls victim to unauthorised withdrawals.


Top image via Sora Shimazaki/Pexels & Crypto.com/Facebook