2FA Compromise Led to $34M Crypto.com Hack

In a statement on its website today, Crypto.com revealed fresh details concerning a recent hack on its platform, stating that 483 of its customers were affected and that unauthorized withdrawals of over $15 million in ETH, $19 million in BTC, and $66,200 in ‘other currencies’ occurred. The total losses, which amount to more than $34 million at today’s cryptocurrency prices, are more than analysts had projected before Crypto.com’s announcement. The company’s post-mortem came just one day after CEO Kris Marszalek admitted the breach in a Bloomberg TV interview. After many Crypto.com users claimed their funds had been stolen, he confirmed the breach, which had previously been received with cryptic responses from the corporation, referring only to an ‘event.’ During the interview, Marszalek did not reveal how the hack occurred, but he did disclose that Crypto.com has refunded all affected accounts. According to today’s announcement, Crypto.com discovered the suspicious activity on Monday, when ‘transactions were being approved without the user entering the 2FA authentication control.’ To investigate the problem, the site temporarily halted all withdrawals for 14 hours. The attacker was able to approve transactions without triggering 2FA, which is required for all users, according to Crypto.com. Customers were asked to enter into the platform and set up their 2FA tokens again after the company ‘revoked all client 2FA tokens and add...