Singapore-based Crypto.com, one of the largest cryptocurrency exchanges with over 10 million users and nearly $3 billion daily trading volume, was breached on Monday. The cybercriminals allegedly got away with more than $15 million in Ethereum.
According to blockchain security and data analytics company, Peckshield, over 4600 ETH were laundered using Tornado Cash, a service that breaks the on-chain link between source and destination addresses on the blockchain — improving transaction privacy by making them anonymous.
Crypto.com acknowledged the breach on Monday as they halted withdrawals, tweeting that “a small number of users experienced unauthorised activity in their accounts”. However, the company also claims that no funds were touched.
All people using the crypto exchange were also asked to sign back into the app and reset their two-factor authentication code. Withdrawals should be re-enabled shortly after that.
As an added security measure, the CEO of Crypto.com, Kris Marszalek, announced that from now onwards, the first withdrawal can only be made 24 hours after the registration of a new “whitelisted” address. Kris also said that “no customer funds were lost”; but didn’t specify if the company lost any funds during the breach.
According to the transaction logs, the cybercriminals made 51 deposits to Tornado Cash — three worth 10ETH and the rest worth 100ETH. The logs also indicate that the address is involved in the event of stolen funds.
It’s currently not clear how the cybercriminals were able to siphon the funds or gain access to the system that resulted in the deposits being made; however, the cryptocurrency exchange is currently investigating the matter.
Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals.
Contact Prayank via email: [email protected]