Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets.
Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA.
I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got past the 2FA? — BEN BALLER™ (@BENBALLER) January 17, 2022
Yes my account shows multiple withdrawals of .17 BTC — mohamed qudah (@qudah_mohamed) January 17, 2022
My wallet was just hacked. .27 bitcoin withdraws 7 times in my account. WTH is going on? — Nick Dushko (@NickDushko) January 17, 2022
Crypto.com is a cryptocurrency exchange app based in Singapore; it currently has 10 million users and 3,000 employees.
The company has confirmed unauthorized access to wallets belonging to a ‘small number’ of users.
This update will be rolled out to users progressively over the next few hours.
Once complete, withdrawals will be re-enabled.
We understand this may be an inconvenience, but security comes first.
Thank you for your support.
In response to the users’ reports of suspicious transactions, the company temporarily suspended all withdrawals and launched an internal investigation.
The cryptocurrency exchange app has now restored withdrawal services and reassured its users that all funds are safe:
Update: Withdrawal services have been restored.
All funds are safe.
It will take time to clear the backlogs. We appreciate your patience. https://t.co/ZKMfyTMebi
The company did not provide details about the attack or the exact amount of funds stolen from the compromised wallets. It is not clear how the attackers were able to bypass two-factor authentication (2FA); if the bypass is confirmed, they have exploited some vulnerabilities in the platform.
Crypto.com users have to monitor their balances and report any suspicious transaction to the company. Experts also recommend enabling both 2FA and Face ID/Touch ID to protect accounts from unauthorized access.
(SecurityAffairs – hacking, Crypto.com)