Crypto.com Breach with USD 34 Mln Stolen and 483 Accounts Affected

In a stunning development, threat actors have made off with USD 34 million by successfully hacking Crypto.com. The company shared the details on its website and stated that 483 users were affected as the hackers stole USD 15 million worth of Ethereum and USD 19 million worth of Bitcoin.

The hackers also withdrew USD 66,200 worth of other cryptocurrencies. The combined losses in this Crypto.com breach are more than USD 34 million at the current valuation, higher than analysts had predicted.

The Crypto.com breach was acknowledged by the company CEO Kris Marszalek in a television interview. His acknowledgment came after multiple users complained that their cryptocurrencies were missing and received only nebulous responses.

The CEO downplayed the hack as an incident and didn’t divulge how this happened. However, he went on to say that his company had reimbursed the affected users by transferring the respective stolen funds to their accounts.




Afterward, Crypto.com released a statement on its website explaining that it had spotted suspicious activity that bypassed 2FA and allowed threat actors to make off with the cryptocurrencies. The company then suspended withdrawals for 14 hours to understand the issue.


Crypto.com didn’t divulge how the threat actors bypassed 2FA, which is puzzling because 2FA is mandatory for all Crypto.com users. It declined to answer any questions beyond the issued statement.

Crypto.com “revoked all customer 2FA tokens and added additional security hardening measures”. It also asked its customers to log in again and re-establish their 2FA protocol. The new measures will subject users to a day’s delay between the registration of a new withdrawal address and the first withdrawal to it. Because users are notified when a new address is registered, the delay gives them adequate time to react and safeguard their funds. Furthermore, users can curtail the activity should it be unauthorized.
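The hold on new withdrawal addresses described above can be sketched as follows. This is an added example, not Crypto.com's code; the class and method names, the notification text, and the addresses and timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=24)  # the "day's delay" from the article


@dataclass
class WithdrawalAllowlist:
    """Per-account withdrawal addresses with a hold on newly added ones."""
    registered: dict = field(default_factory=dict)  # address -> registration time
    outbox: list = field(default_factory=list)      # notices queued for the owner

    def register(self, address: str, now: datetime) -> None:
        # Re-registering always restarts the clock, so an address that was
        # revoked and added again waits the full hold a second time.
        self.registered[address] = now
        self.outbox.append(f"New withdrawal address {address} added at "
                           f"{now.isoformat()}; usable from {(now + HOLD).isoformat()}")

    def revoke(self, address: str) -> bool:
        # The owner's reaction to a notification they did not expect.
        return self.registered.pop(address, None) is not None

    def authorize(self, address: str, now: datetime) -> tuple[bool, str]:
        added = self.registered.get(address)
        if added is None:
            return False, "address not registered"
        if now < added:
            return False, "clock skew: registration is in the future"
        if now - added < HOLD:
            return False, f"on hold for another {HOLD - (now - added)}"
        return True, "ok"


def demo() -> list:
    t0 = datetime(2022, 1, 20, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    acct = WithdrawalAllowlist()
    acct.register("addr-unexpected-EXAMPLE", t0)            # constructed address
    results = [acct.authorize("addr-unexpected-EXAMPLE", t0 + timedelta(hours=1))[0]]
    acct.revoke("addr-unexpected-EXAMPLE")                  # owner acts on the notice
    results.append(acct.authorize("addr-unexpected-EXAMPLE", t0 + timedelta(hours=25))[0])
    acct.register("addr-owner-EXAMPLE", t0)
    results.append(acct.authorize("addr-owner-EXAMPLE", t0 + HOLD)[0])
    return results


if __name__ == "__main__":
    print(demo())
```

The control only helps if the notification reaches a channel that an intruder in the account cannot silence, and if revoking an address requires no more than the owner already has.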

The organization has initiated an internal audit and roped in third-party security firms to identify the gaping holes in its platform. It shall also do away with 2FA and adopt multi-factor authentication (MFA) to better its security posture. However, this transition has no timeline as of this moment.




The company will also roll out the “Worldwide Account Protection Program (WAPP) in select markets” starting February 1. The program establishes an SOP should any user be affected by such hacks in the future. The company shall restore funds up to USD 25,000, and to be eligible, one should enable MFA and change his phishing code at least 21 days before the incident date.

The user must also file a police complaint and tender the same to the company. They will then have to answer a questionnaire that would help the company investigate. Additionally, the user should not operate his account from a jailbroken device.

Crypto.com is the fourth-largest crypto exchange globally, and it has been bullish in U.S. markets. The company roped in Matt Damon for its ads and spent USD 700 million on procurement of the naming rights. It perceives itself as the fastest-growing crypto exchange, and this crypto.com breach may stunt its growth.
