 |
| Crypto.com Exchange |
The Singapore-based cryptocurrency exchange Crypto.com has revealed that it was hacked for $34 million as a result of a 2FA bypass attack, according to itpro.co.uk. Previously, the bitcoin exchange denied that any of its customers had lost money. Earlier, a slew of complaints from customers and analysts claimed that the exchange had been hacked.
Crypto.com identified illegal crypto withdrawals on a small number of accounts on January 17, 2022. To begin an investigation, Crypto.com immediately stopped all token withdrawals and worked around the clock to resolve the problem.
There was no money lost by any of the customers. The majority of fraudulent withdrawals were blocked, and clients were completely compensated in all other situations.
What actually happened to Crypto.com?
Users reported that coins were missing from their wallets, and Crypto.com blocked all withdrawals across the exchange as a result of these reports. The exchange declared that "all monies are safe," and that it will be beefing up security across all accounts out of an excess of caution. All users were needed to re-enter the app and exchange, as well as reset their two-factor authentication.
The exchange reported that the hackers were able to bypass 2FA protections and extract 4,836.26 Ethereum tokens worth around $14 million or £10.3 million. The exchange also reported that the theft had impacted 483 of its users. The hack also resulted in the theft of bitcoin tokens worth around $17.3 million or £12.75 million, as well as approximately $66,200 (£48,786) in other cryptocurrencies.
Crypto.com adds an additional layer of security.
The exchange has also added an extra degree of security by requiring a 24-hour delay between registering whitelisted withdrawal addresses and making the first withdrawal to that address. Users will be able to screen these addresses. The addresses are registered as a result of notifications received by the exchange. O will provide users with ample time to react and respond. Crypto.com has also hired third-party security firms to audit the new system's security. It also intends to implement the multi-factor authentication (MFA) concept.
According to One Identity field strategist Robert Byrne, the policy regulating 2FA was hacked in some way, disabling it for specific users. Furthermore, because the 2FA service is provided by a third party, the infrastructure of the supplier may have been one of the targets of the attack.
0 Comments
please do not enter any spam link in the comment box