Singapore-based digital currency trading platform, Crypto.com gave an important update about the hack it suffered earlier this week and revealed that about 483 of its customers were affected. The exchange said the attackers gained access to users’ accounts and withdrew funds without authorization by bypassing the 2-Factor Authentication (2FA) provision on the platform.
As the exchange detailed, as much as $34.5 million was lost based on the breakdown of assets including 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in other cryptocurrencies. The platform unveiled its proactive approach to identify the attack, halt the withdrawals on the platform for about 14 hours, during which it conducted a complete security overhaul of its system.
As part of the measures, the trading platform says it has introduced the Multi-Factor Authentication (MFA) to replace the existing 2FA, a move that the exchange said will strengthen the security firewall for all of its users. Additionally, a 24-hour delay feature has been implemented for whitelist addresses billed for withdrawals.
As part of its proactive measures to forestall further attacks, Crypto.com said its engineering team has done an internal audit of its system, and that it has employed external security auditors to do the same.
Introducing WAPP For all Users
In the wake of the unprecedented hack, Crypto.com unveiled the worldwide Account Protection Program (APP) as an extra measure to compensate users up to $250,000 in case of protocol breaches like this. The program will be for users who meet a limited set of requirements, amongst whom is the compulsory activation of the MFA provisions where necessary.
“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defence-in-Depth security and protection measures,” said Kris Marszalek, Co-founder, and CEO of Crypto.com. “While we are reminded of the existence of bad actors intent on committing fraud, this new worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”
While the company said it just instituted the APP program, it noted that all of the 483 affected users have been reimbursed, way ahead of the official rollout of the compensation provisions by February 1 this year.