The hack of Crypto.com in the early hours of Monday was originally passed off as no funds being lost by CEO Kris Marszalek. However, an investigation by PeckShield, the blockchain security firm, has revealed that Crypto.com lost around $15 million, with around half of it in Ethereum, from the incident.
Crypto Daily covered the hack early today with an article based on the details that were then available, namely that some users were reporting that balances of certain of their cryptocurrencies were missing. The Crypto.com response shortly afterwards was obviously meant to reassure users.
Marszalek let it be known that no customer funds were lost, the downtime for withdrawals was limited to 14 hours, his team had “hardened the infrastructure in response to the incident”, and that a full post-mortem would be shared in due course.
We now know, according to PeckShield, that $15 million in ethereum was stolen from customer funds in the attack, with half of that amount sent through Tornado Cash, a coin mixing service.
With the information that is now being disclosed, Crypto.com is suffering quite a backlash from customers. Firstly, because they were not informed that funds had actually been stolen, and secondly because there was poor communication to this effect.
A few of those who replied to the Crypto.com tweet, added to the thread that ethereum was missing from their accounts, although besides the PeckShield report, this has not been confirmed. Others repeatedly reported their concern that 2FA was not working. Crypto.com did seem to be trying to allay fears though, and messages were interspersed through the thread from the team offering to help individuals.
When the post mortem does arrive, it will be extremely interesting to see how hackers were able to steal such a large amount of value in crypto assets from such a supposedly security conscious exchange, and how they managed to get around the 2FA (if this was actually the case).
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.