Crypto.com experienced a cyber attack over the weekend, but the extent of the damage is unclear.
On Sunday, the cryptocurrency exchange platform announced through Twitter and Telegram that a "small number of users" reported unauthorized account activity and that withdrawals were suspended pending an investigation. The company confirmed that all funds were safe but required users to sign back into their accounts and reset their two-factor authentication out of "an abundance of caution."
Crypto.com currently uses zero-trust security and "invests heavily in ongoing security and privacy awareness training for all staff," according to its website. However, another layer of security was added following the attack.
Through his personal Twitter account, Crypto.com CEO Kris Marszalek stated that the company enacted a new "24-hour delay between registration of a new whitelisted address and first withdrawal." Marszalek also confirmed that withdrawals resumed Monday and "no customer funds were lost."
Earlier today a small number of users experienced unauthorized activity in their accounts. All funds are safe.
In an abundance of caution, security on all accounts is being enhanced, requiring users to:
- Sign back into their App & Exchange accounts
- Reset their 2FA
1/2
— Crypto.com (@cryptocom) January 17, 2022
However, a report Monday by blockchain analytics company PeckShield showed Crypto.com lost approximately $15 million. It is unclear whether that figure refers to losses by the company or by its users. PeckShield did not respond to a request for comment.
A Crypto.com spokesperson declined to comment on the PeckShield report. Instead, the spokesperson referred to Marszalek's statement on Twitter as well as a statement on the company's corporate Twitter account announcing that withdrawal services have been restored.
As of Tuesday, some users on Crypto.com's Telegram channel said they were still unable to access their accounts and complained the app was not working.
One day prior to the hack disclosure, Crypto.com warned users that a fraudulent Telegram channel that claimed to be the official group was running scam competitions. It's unclear if the scam was related to the unauthorized account activity.
The latest hack is just one in a string of attacks against cryptocurrency exchanges and hot wallets. Last month, threat actors made off with more than $100 million in users' funds from decentralized finance app BadgerDAO. Cryptocurrency exchange BTC-Alpha confirmed a ransomware attack in November and attributed it to an unnamed competitor.
The use of cryptocurrency itself is on the rise, both for legal and illicit activity. Chainalysis released a report this month that detailed a "roaring adoption" of cryptocurrency in 2021 and offered a brief insight into 2022. According to that report, in the new year, "illicit addresses hold at least $10 billion worth of crypto, with the vast majority held by wallets associated with cryptocurrency theft."