CRO, the native token of major crypto exchange Crypto.com, is moving up today, as the company published a report detailing the recent attack and the loss of almost USD 34m — adding that it has reimbursed the affected users.
“The incident affected 483 Crypto.com users. Unauthorized withdrawals totaled ETH 4,836.26, BTC 443.93 and approximately [USD] 66,200 in other currencies,” the company said in the report.
Per the current prices, this is worth almost USD 34m.
In the majority of cases, said the report, the platform prevented unauthorized withdrawals, “and in all other cases customers were fully funded.”
As to what had happened, the company stated that they noticed on January 17 that there was unauthorized activity on some user accounts where transactions were being approved without the user inputting the two-factor authentication (2FA) control. Crypto.com “revamped and migrated to a completely new 2FA infrastructure.”
The company has performed an infrastructure audit internally, and “engaged” with third-party security firms, they said.
Next, they said, they’ll be adding new features as they move towards Multi-Factor Authentication (MFA).
They’ve also introduced the Worldwide Account Protection Program (WAPP), which the platform says offers “additional protection and security for user funds” held in the app and on the exchange. “WAPP restores funds up to USD$250,000 for qualified users; terms & conditions apply,” they added.
Meanwhile, the downward price movement may be attributed to the new details revealed about the hack, as CRO jumped almost 3% since the report was released today.
At 9:10 UTC, the coin is trading at USD 0.438. It is up 0.9% over the past 24 hours. It is down 10% over the past week and almost 13% over the past month.
Earlier this week, Crypto.com temporarily suspended withdrawals following reports about unusual on-chain activity from wallets belonging to the exchange.
Security firms and analysts soon discovered large amounts of digital assets that were transferred from the exchange into mixer protocols. For one, blockchain security and data analytics company PeckShield argued the exchange had lost at least USD 15m, much of it in ethereum (ETH) that was being washed away via TornadoCash.
Prior to the report going live, pseudonymous ErgoBTC, who claims to be an on-chain analyst at Bitcoin (BTC) research firm OXT Research, had argued that an additional BTC 444 (USD 18.63m) had been lost.
Between PeckShield’s and ErgoBTC’s findings, the total loss would have been USD 33.66 — meaning that the company has actually lost more than it was initially presumed within the community.
In an interview with Bloomberg, Crypto.com CEO Kris Marszalek commented on the security breach, disregarding the possibility of a significant financial fallout, and stating:
“Given the scale of the business, these numbers are not particularly material and customer funds were not at risk.”
Meanwhile, despite previous complaints about poor communication and lack of transparency, some crypto users seem to be happy with the way Crypto.com handled the hack. “They have professionally handled the situation, refunding everyone who got their Stolen Crypto is the only right thing they could have done,” one Reddit user said.
However, others pointed out that reimbursement was the only way forward. “I mean it’s really the only move. The alternative is death for the exchange,” replied another user.
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– 1B Crypto Users, Friendlier Regulations, Countries Adopting Crypto – Crypto.com’s 2022 Predictions
– Hacker Steals USD 15M from Crypto.com, Say Analysts; Platform Claims User Funds Weren’t Lost
– Crypto.com To Boost US Presence With a USD 216M Deal
– CRO Rallies as Crypto.com Scores USD 700M Arena Deal
– Watch How Matt Damon Helps Crypto.com Spend USD 100M On Global Campaign