Crypto.com Data Breach
Industry: Finance | Level: Strategic | Source: Crypto.com
Crypto.com, one of the largest cryptocurrency trading platforms (third by reported transaction volume from CoinGecko), disclosed a data breach compromising at least 483 customer accounts. The incident was detected on January 17th, 2022, and was flagged by users reporting unauthorized withdrawals from their accounts. The suspicious activity involved transactions being approved without 2FA authentication input, resulting in the suspension of attempted transactions. For mitigation, the company implemented additional security measures and revoked all customers’ 2FA tokens, the remediation activity caused a downtime of 14 hours to the withdrawal infrastructure. Crypto.com's CEO Kris Marszalek, confirmed the cyber attack on Bloomberg Live, and stated the attack did not impact customer funds. The following also from a company's statement, "no customers experienced a loss of funds. In the majority of cases, we prevented the unauthorized withdrawal, and in all other cases, customers were fully reimbursed. The incident affected 483 Crypto.com users. Unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies."