Singapore-based crypto exchange Crypto.com issued a post-mortem report Thursday detailing the recent theft of roughly US$34 million from customer accounts and announcing new policies and security measures.
With a 24-hour trading volume of US$2.5 billion, Crypto.com is currently the eighth-largest crypto exchange in the world, according to Statista. In a 2021 review published last month, the company announced that it doubled its customer base to 10 million from 5 million and quadrupled its employees to more than 3,000 worldwide. In November, it signed a 20-year deal to sponsor the Crypto.com Arena, home of the Los Angeles Lakers and Los Angeles Kings.
Around 9 p.m. in Singapore on Jan. 17, the company reports that it noticed unauthorized withdrawals on some accounts and immediately suspended withdrawals while it investigated. It discovered hackers had withdrawn roughly 444 Bitcoin (US$18.6 million), 4836 Ether (US$15.6 million) and US$66,000 in other cryptocurrencies from 483 users. Crypto.com said all customers were fully reimbursed and when activity was restored the next afternoon all users were required to login.
Some crypto enthusiasts expressed skepticism on Twitter about the official account of the hack, questioning the amount of money stolen and CEO Kris Marszalek’s statement in the attack’s early hours that “No customer funds were lost.” Crypto.com repeats this questionable assertion in the new report: “No customers experienced a loss of funds.”
It’s worse than we thought.
— rekt (@RektHQ) January 19, 2022
After our initial investigation, a user uncovered even more lost funds from @cryptocom.
Another ~$18.7M in BTC, bringing the total value lost up to $33.7M.
“All funds safe” say https://t.co/qHgyFxy7qx.
They’re lying to you.https://t.co/Ul6LBdVlas
After the investigation, the company instituted new security measures including enhanced two-factor authorization and a 24-hour delay on the first withdrawal after the registration of a new address. It also announced that going forward, users will be reimbursed up to US$250,000 for unauthorized withdrawals under certain conditions that include filing a police report of the theft.
As cryptocurrency has grown in adoption globally, theft is on the rise. Total transaction volume grew more than 850% from 2020 to 2021, according to blockchain analytics firm Chainalysis. During the same period, hackers and scammers stole a record $14 billion in cryptocurrency in 2021, an 80% increase from the year before.