Cyberattack Hits Crypto.com - Threatwire

By Shannon Morse, ThreatWire

The world’s third largest cryptocurrency trading platform was hit with a cyberattack last week that compromised 483 customer accounts and led to $34 million crypto to be withdrawn. Crypto.com was targeted and US $33.8 million was stolen, though the CEO stated in multiple interviews that customer funds are not at risk.

The hack caused about $15 million in ethereum, $18.6 million bitcoin and $66,000 misc crypto to be stolen from the platform. The attack was detected on January 17th, at which time Crypto.com suspended withdrawals for about 14 hours. 2FA tokens were also revoked, so users had to re-sign in and set up new 2FA tokens for access.

While this crypto was stolen via unauthorized withdrawals, the platform fully reimbursed affected users. Transactions resumed on January 18. According to a Crypto.com post, their risk monitoring systems detected the attack, and saw transactions being approved without 2FA authentication, meaning the 2FA was being bypassed by attackers.

The company migrated to a completely new 2FA infrastructure in response. They also added that the company will be moving away from 2FA and moving to true multi factor authentication for end user security, and beefing up security with an Account Protection Program, which will offer better security for funds within the App and exchange. APP would also restore funds up to $250,000 in the event of unauthorized access.

A lot of technical information regarding this attack has not been shared with the public. For example - who was behind this attack? How were they able to bypass 2FA restrictions for withdrawals? What protocol was being used to implement 2FA and how does the new infrastructure fix these problems? Hopefully Crypto.com will share some of this information with their customers to ease some of the concerns shared via social media.

Crypto.com:

https://www.bleepingcomputer.com/news/security/cryptocom-confirms-483-accounts-hacked-34-million-withdrawn/

https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/

https://crypto.com/product-news/crypto-com-security-report-next-steps

https://www.vice.com/en/article/g5qj9j/cryptocom-says-incident-was-actually-dollar30-million-hack

https://www.zdnet.com/article/crypto-com-confirms-483-users-hit-in-attack-that-saw-over-31m-in-coins-withdrawn/

https://www.zdnet.com/article/crypto-com-ceo-responds-to-complaints-of-login-issues-after-hack/

Become a member at https://plus.acast.com/s/dtns.




Hosted on Acast. See acast.com/privacy for more information.

More from Daily Tech News Show

  1. 33:28Stream Fatigue, I'm Out - DTNS 4756Apr 25, 2024
  2. 30:18Is Meta Trying to Pull an Android? - DTNS 4755Apr 24, 2024
  3. 32:07A Bruised Apple - DTNS 4754Apr 23, 2024
  4. 32:07The Clock is Ticking for TikTok - DTNS 4753Apr 22, 2024
  5. 31:23Facebook is Not a Necessity! - DTNS 4752Apr 19, 2024
  6. 28:45Nanomotors! - DTNS 4751Apr 18, 2024
  7. 31:00PS5 Pro Specs: Worth It? - DTNS 4750Apr 17, 2024
  8. 30:56Chat is in the Air - DTNS 4749Apr 16, 2024
  9. 29:42Smartphone Race to the Top - DTNS 4748Apr 15, 2024
  10. 33:45#OpenToWork - DTNS 4747Apr 12, 2024