The leading cryptocurrency exchange crypto.com suffered a breach on its platform on 17 January, and the community had since been waiting for a detailed analysis of the hack to be released. While several independent analysts had uncovered parts of the heist, Crypto.com has now released a postmortem for the same, revealing the breach of around 483 accounts.
In a blog post shared earlier today, the Singapore-based exchange admitted that a total of 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other currencies were stolen. This amounted to almost $34 million at the time of writing.
However, the exchange has also claimed that no customers experienced a loss of funds. It added that while unauthorized withdrawals were blocked in most of the cases, the remaining aggrieved customers were fully reimbursed.
The unauthorized activity was detected by the exchange in the early hours of 17 January, post which all withdrawals were suspended to prevent further losses. This caused a total downtime of around 14 hours.
<p lang=«en» dir=«ltr» xml:lang=«en»>1/2 Earlier today a small number of users experienced unauthorized activity in their accounts. All funds are safe.In an abundance of caution, security on all accounts is being enhanced, requiring users to:
-Sign back into their App & Exchange accounts -Reset their 2FA
— Crypto.com (@cryptocom) January 17, 2022
The post-mortem noted that an alarm was raised when platform administrators realized that withdrawals were being initiated without the completion of Two-Factor Authentication (2FA).
“Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity
Read more on ambcrypto.com