Crypto.com finally speaks out: 483 user accounts compromised

cointelegraph.com:

The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts.

In a statement today, Crypto.com revealed that "4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. The overall loss is presently valued at around $33.8 million, as per the current market value.

Following a security breach, several Crypto.com users have made complaints that their money had been stolen. However, the company's previous responses had failed to quell concerns.

Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z

On Jan. 17, 2022, at around 12:46 AM UTC, Crypto.com's risk monitoring systems detected "unauthorized activity on a small number of user accounts" where transactions were being authorized without the 2FA authentication control being entered by the user, according to the official document.

The exchange proceeded by halting withdrawals and revoking all customer 2FA tokens, adding even more security hardening measures that required everyone to re-login and reactivate their 2FA token before allowing only authorized action, as detailed in the statement. The withdrawal infrastructure was down for a total of 14 hours.

To safeguard against such an accident happening again, Crypto.com claims that they have implemented an additional layer of protection in which a new whitelisted withdrawal address must be registered