Leading cryptocurrency platform Crypto.com has finally admitted that 483 users lost almost $34 million in various digital coins due to a compromise in two-factor (2FA) authentication.
Overall, the unauthorized withdrawals had over $15 million worth of Ethereum, $19 million worth of Bitcoin, and $66,200 in “other currencies”.
The platform said late on Thursday that on January 17, its risk monitoring systems “detected unauthorised activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user”.
All withdrawals on the platform were suspended for the investigation’s duration and any accounts found to be impacted were fully restored.
Crypto.com said it revoked all customer 2FA tokens and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur.
“No customers experienced a loss of funds. In the majority of cases we prevented the unauthorised withdrawal, and in all other cases customers were fully reimbursed,” the company said.
The company said that it introduced an additional layer of security on January 18 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal.
Crypto.com said that it is introducing the worldwide Account Protection Program (APP) that offers additional protection and security for user funds held in the Crypto.com App and the Crypto.com Exchange.
Earlier Kris Marszalek, CEO of crypto.com which is endorsed by famous Hollywood actor Matt Damon, had confirmed that hundreds of user accounts were hacked and their funds were stolen.