/>
X
Innovation

Crypto.com confirms 483 users hit in attack that saw over $31m in coins withdrawn

Around $14 million in ether, just over $17 million in bitcoin, and $66,200 in other cryptocurrencies withdrawn during the incident.
chrisduckett-mk3.png
Written by Chris Duckett, Contributor on
matt-damon.png

Fortune favours Matt Damon.

Image: Crypto.com

After issuing hints at final numbers during the week, Crypto.com has made an official statement on the incident that saw it pause its users' ability to withdraw funds.

The company said on Monday that 483 users were impacted by unauthorised cryptocurrency withdrawals on their accounts.

"In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed," the company said.

"Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies."

At the time of writing, the amount of ether was just shy of $14 million and the fiat value of bitcoin was sitting over $17 million. All up, that put the total figure around the $31 million mark, depending on the volatile prices of cryptocurrency on any given day.

Crypto.com explained it saw transactions occurring on early Monday morning UTC, where users' two-factor authentication was not involved.

"Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours," it said.

"In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure."

The company said it has also added a new policy where the first withdrawal to a whitelisted address must wait 24 hours, as well as a program to refund users up to $250,000 if unauthorised withdrawals are made, and certain terms are met.

These terms include having multi-factor authentication on all transactions where possible, creating an anti-phishing code at least 21 days prior to the unauthorised withdrawal, users cannot use a jailbroken phone, they must file a police report and send the company a copy, and answer a "questionnaire to support a forensic investigation".

"Terms and conditions may vary by market according to local regulations. Crypto.com will make the final determination of eligibility requirements and approval of claims," the company said.

Related Coverage

Editorial standards

Related

Break up with LastPass: How to use iCloud as a password manager on Windows
Businesswoman with smart phone looking at computer monitor. Young female professional is sitting at desk. She is wearing smart casuals at home office.

Break up with LastPass: How to use iCloud as a password manager on Windows

The future of the web could be bright. But there's a lot to fix first
zd-web3-programming.jpg

The future of the web could be bright. But there's a lot to fix first

This iOS 16 trick makes your scribbly photo annotations look great
My coffee!

This iOS 16 trick makes your scribbly photo annotations look great