Hackers increasingly target cryptos, and crypto exchange users are losing funds. The latest to suffer a breach is Crypto.com. The CEO, Kris Marszalek, confirmed the incident, explaining that hundreds of accounts were affected.
NBC News reported that crypto exchanges suffered more than 20 hacks in 2021, resulting in more than $10 million, and six cases involved more than $100 million each.
The Crypto.com hack resulted in stolen funds, although the company has not stated how the breach occurred. Marszalek revealed that the exchange came back online about 13-14 hours after the incident.
About 400 users of the crypto exchange had their data compromised.
This is the first time the company would release non-ambiguous or vague statements about the incident since it became known. In an online interview with Bloomberg, Marszalek mentioned that any regulatory body had not approached his company in connection with the breach. However, the CEO promised his company’s co-operation if that happened.
Currently, there are few federal and state laws regulating crypto exchanges, and they may not be required to report data breaches, unlike the health sector. Even banking institutions will only be required to declare data breaches under a new law starting from April.
Marszalek did not commit to a figure when asked about the value of the loss but insisted that his company was carrying out a post mortem that would be published in a blog within days.
“Obviously, it’s (a) great lesson, and we are continuously strengthening our infrastructure,” Marszalek said to Bloomberg. “Given the scale of the business, these numbers are not particularly material, and customer funds were not at risk.”
Previously, Crypto.com stated that only a small number of users were affected and experienced suspicious activity on their accounts. It advised users to reset their two-factor authentication settings, just to be sure. The CEO even tweeted that no customer lost funds, although some people have taken the statement to mean the company was going to bear the loss. Whatever the CEO meant, the former information is different from what he revealed during the Bloomberg interview.
However, PeckShield, a company involved in security, has tried to put a scope on the breach. From its investigation, Crypto.com lost ETH worth about $15 million during the breach. The crypto was passed to Tornado Cash, a popular site hackers use to ‘wash’ their loot or make it untraceable. Tornado Cash is a ‘mixer’ that helps to hide the final destination of ether passing through it. The tool is not solely meant for crime-related activities, but criminals take advantage of it to cover their tracks.
Another analyst associated with OXT Research, however, estimates the loss at $33 million.
Crypto.com is the fourth largest trading platform, with more than ten million users, making the breach significant in the crypto world. It has one of the biggest brand names in bitcoins and runs sponsorship deals with some highly visible pro sports teams. For instance, the Los Angeles Lakers’ stadium was renamed the Crypto.com Arena in a deal worth $700 million.
Other sporting bodies associated with Crypto.com include the Philadelphia 76ers team playing in the NBA, the Montreal Canadiens in the NHL, and the UFC fight league. It also signed a $1.5 billion sponsorship deal with the Australian Football League.
Crypto.com has also used popular actor Matt Damon in ads that have gone viral as it tries to reach more users.