By Shannon Morse, ThreatWire
The world’s third-largest cryptocurrency trading platform was hit with a cyberattack last week that compromised 483 customer accounts and led to $34 million in crypto being withdrawn. Crypto.com was the target, and US $33.8 million was stolen, though the CEO stated in multiple interviews that customer funds are not at risk.
The hack caused about $15 million in Ethereum, $18.6 million in Bitcoin and $66,000 in miscellaneous crypto to be stolen from the platform. The attack was detected on January 17th, at which time Crypto.com suspended withdrawals for about 14 hours. 2FA tokens were also revoked, so users had to sign in again and set up new 2FA tokens for access.
While this crypto was stolen via unauthorized withdrawals, the platform fully reimbursed affected users. Transactions resumed on January 18. According to a Crypto.com post, the company's risk monitoring systems detected the attack and saw transactions being approved without 2FA, meaning attackers were bypassing the 2FA check.
The company migrated to a completely new 2FA infrastructure in response. It also said it will be moving away from 2FA to true multi-factor authentication for end-user security, and beefing up security with an Account Protection Program (APP), which will offer better security for funds within the App and exchange. APP would also restore funds up to $250,000 in the event of unauthorized access.
A lot of technical information regarding this attack has not been shared with the public. For example: who was behind this attack? How were they able to bypass 2FA restrictions for withdrawals? What protocol was being used to implement 2FA, and how does the new infrastructure fix these problems? Hopefully Crypto.com will share some of this information with its customers to ease some of the concerns shared via social media.
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
https://crypto.com/product-news/crypto-com-security-report-next-steps
https://www.vice.com/en/article/g5qj9j/cryptocom-says-incident-was-actually-dollar30-million-hack
https://www.zdnet.com/article/crypto-com-ceo-responds-to-complaints-of-login-issues-after-hack/