Benjamin Godfrey is a blockchain enthusiast and journalist who relishes writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desire to educate people about cryptocurrencies inspires his contributions to renowned blockchain media and sites.
The hack prompted Crypto.com to conduct an internal audit of its systems, and according to the platform, other third-party security agencies have been contracted to also help audit its systems.
The year 2022 started on tumultuous grounds for Singapore-based cryptocurrency exchange Crypto.com following the unprecedented hack of the platform earlier this week. In a Thursday announcement, the company shared an update of the incident, noting that the attackers cart away 4,836.26 ETH (worth approximately $15.2 million), 443.93 BTC (worth $18.69 million), and approximately $66,200 in other currencies.
Crypto.com confirmed the hack which was first discovered days ago affected 483 customers, but that it has reimbursed everyone affected. The exchange said the attack was carried out through a flaw in its 2 Factor Authenticator infrastructure which allowed the hackers to make unauthorized withdrawals around January 17.
Following the 17th of Jan security incident, we are sharing our findings below, together with enhancements we’ve made to our security infrastructure and the introduction of the Worldwide Account Protection Program. https://t.co/6q86r0o59V pic.twitter.com/ER7DkBoX1Z
— Crypto.com (@cryptocom) January 20, 2022
The exchange said it swung into action when it discovered the anomaly, halting withdrawals across the board for about 14 hours. During the period of withdrawal function suspension, the trading platform said it revoked all of the 2-FA tokens sent to users and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur.
Following the incident, Crypto.com said it has now added a delay feature in whitelisted addresses billed for withdrawal of funds. “Users will receive notifications that withdrawal addresses have been added, to give them adequate time to react and respond. The notification message provides useful reminders and instructions on contacting our team if the address whitelisting was unauthorized,” the report reads.
The hack prompted Crypto.com to conduct an internal audit of its systems, and according to the platform, other third-party security agencies have been contracted to also help audit its systems. Additionally, the trading platform said it will be transitioning from 2-FA to Multi-Factor Authentication (MFA) security checks, making its platform full-proof against malicious bypasses.
Crypto.com Hack Inspires WAPP
As announced by the exchange, the hack on its platform has birthed the emergence of the Worldwide Account Protection Program (WAPP), a provision that will offer additional protection and security for user funds held in the Crypto.com App and the Crypto.com Exchange.
The exchange said the WAPP program will reimburse users for unauthorized withdrawals of up to $250,000 from third parties, but to be eligible, users must comply with a set of requirements, including the activation of MFA on all account types, filing a police report, and by not using jailbroken devices amongst others.
“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defence-in-Depth security and protection measures,” said Kris Marszalek, Co-founder, and CEO of Crypto.com. “While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”
While the digital currency ecosystem witnessed a lot of hacks in the past year, Crypto.com comes off as the major trading platform that has been hacked thus far this year, a situation that sends a message to other exchanges to improve on their security infrastructures.