Back to the list

Crypto.com Lost At Least $15 Million Worth of Crypto in Security Incident, PeckShield Says


coincodex.com 18 January 2022 14:21, UTC
Reading time: ~3 m

Key highlights:

  • Crypto.com temporarily halted withdrawals yesterday after some users reported funds going missing from their accounts
  • According to PeckShield, at least $15 million worth of crypto was stolen from the platform
  • Crypto.com CEO Kris Marszalek claims that user funds were not affected and that the exchange will produce a post mortem report after it concludes its investigation

Blockchain security firm PeckShield estimates Crypto.com lost at least $15 million in security incident

The Crypto.com cryptocurrency exchange has had around $15 million worth of cryptocurrency stolen from its platform, according to blockchain security firm PeckShield. According to their estimates, at least 4,600 ETH was stolen from the exchange. After draining the funds, the attackers started sending ETH to Tornado Cash, an on-chain protocol that allows users to obfuscate the origins of their crypto funds.

Yesterday, Crypto.com said on its official Twitter account that it noticed a “small number of users reporting suspicious activity on their accounts”. As a precaution, the exchange temporarily halted all withdrawals. Another step Crypto.com took to address the incident was to require all users to reset their 2-factor authentication (2FA). 

We have a small number of users reporting suspicious activity on their accounts.

We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.

— Crypto.com (@cryptocom) January 17, 2022

Crypto.com CEO Kris Marszalek also commented on the incident. According to him, the withdrawal halt lasted for around 14 hours. Marszalek also said that Crypto.com will share a post mortem of the incident after they complete an internal investigation of what happened. Hopefully, their report will shed more light on what happened and provide more context to the ETH transactions identified by PeckShield. 

According to Marszalek, the incident did not result in loss of customer funds, but he didn’t explicitly mention if any of the exchange’s funds were stolen. 

Twitter user Ben Baller, who was one of the users complaining about funds going missing from his Crypto.com account, said that the exchange has since restored his funds.

The markets Crypto.com's CRO token have not shown a big response to the security incident reports. Even though the token's price has declined in the last 24 hours, it has been performing similarly to other major cryptocurrencies today.

Although DeFi exploits are now more prominent than crypto exchange hacks, the incident at Crypto.com shows that there’s still risks associated with using centralized exchanges. The Crypto.com incident appears to be the first significant security breach at a centralized exchange this year. 

In December last year, the BitMart cryptocurrency exchange lost more than $150 million worth of crypto to hackers. At the time, the exchange said that it would use its own funds to reimburse users. However, recent reports suggest that many BitMart users have not been refunded yet. 

Back to the list