Following a long thread of vague statements from Crypto.com concerning the breach on Monday, CEO Kris Marszalek has confirmed that over 400 accounts were used for unauthorised transactions.
One of the largest cryptocurrency exchanges, Crypto.com, faced a security breach on Monday, which resulted in the company losing over $15 million in Ethereum. In an interview with Bloomberg TV on Wednesday, Marszalek confirmed the breach saying that “all the accounts that were affected were fully reimbursed”, but also maintained the narrative that no customer funds were at risk.
While the crypto exchange acknowledged the breach on Monday and promptly paused withdrawals, estimates put the damage to the company between $15 million and $33 million.
The company still hasn’t confirmed the damage, and according to Marszalek, they’re “still working on a post-mortem”, and the company’s report regarding the breach should be available on their blog in the next couple of days.
Timeline of the Crypto.com breach
- January 17: Crypto.com breached; the cyber criminals make 51 deposits to Tornado Cash — 48 worth 100ETH and three worth 10ETH — to siphon the funds anonymously.
- January 17: Crypto.com says “small number of users reporting suspicious activity”. Pauses withdrawals, asks customers to sign in to the app again and reset 2FA.
- January 18: Peckshield alleges Crypto.com lost $15 million in Ethereum.
- January 18: Crypto.com acknowledges the breach; denies customer funds were affected. Adds a security layer: first withdrawals can only be made 24 hours after the registration of “whitelisted” address.
- January 19: CEO Kris Marszalek confirms over 400 accounts were affected and the company has reimbursed them — maintains no customer funds were at risk.
Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals.
Contact Prayank via email: [email protected]