At the interview with Bloomberg TV, Kris Marszalek, CEO of Crypto.com, acknowledged that 400 customer accounts were hacked. He said that his team detected unauthorized transactions made from these accounts, but they had immediately repaired this problem and fully repayed the affected users. Now, the company has released a report that discloses the details of its post-survey. Obviously, 483 accounts are affected, and unauthorized withdrawal withdrawals is 4836.26th, 443.93BTC and about $ 66,200 of other currencies. Based on the current exchange rate, this is $ 1.5.3 million ETH and $ 1.8.7 million ETC, with a total loss of $ 34 million.
Before the company disclosed hackers, block chain security analysis company PECKSHIELD INC. said Crypto.com may have lost $ 15 million encrypted currency. At least 4600 in the lost coins are Tanfang, which is said to be washed away – this is a process of confusing the coin trading. At the same time, Bitcoin Research Company OXT Research, said the company’s loss may be worth $ 33 million.
The report explained that the company’s risk monitoring system detected unauthorized activities a few days ago, and the transaction of a minority account was approved without having a two-factor authentication. Therefore, the encrypted currency exchange suspended withdrawal on the evening of January 16. In fact, people disclosed in their Twitter announcement, even if they have 2FA, their funds are also stolen.
In another essay released on January 17, Marszalek said that “there is no customer fund loss”, the company’s infrastructure is 14 hours, and his team has strengthened the safety to deal with what happened. The report describes the last part, revealing that Crypto.com revokes all customers’ 2FACons, and implements additional safety measures, requiring all account users to log in. The company said that this will be necessary because it migrates a new 2FA infrastructure. However, it intends to finally get rid of 2FA, steering the true multivariate certification (MFA).
Crypto.com also introduced an additional security measures to require users to take a newly registered whitelist address after waiting for 24 hours. Finally, the company launched a Global Account Protection Plan (WAPP) on February 1 to provide protection for users who wish to provide additional protection for their funds.
WAPP can restore funds participating in users up to $ 250,000 to prevent third parties to obtain their account access. That is, in order to meet the requirements of the plan, the user must enable multi-faction certification on all transaction types and do not use jailbreak devices. In order to recover funds under the plan, they must set a anti-fishing code at least 21 days before the unauthorized transaction, submit a police report and provide a copy to Crypto.com, and complete a questionnaire to support Forensic survey.