Cyber Incident Victim: Crypto.com
Date: Jan 2022
Location: Singapore
Summary
A cybersecurity breach at Crypto.com resulted in unauthorized withdrawals totaling approximately $34 million from 483 user accounts. The platform detected suspicious activity via its risk monitoring systems, prompting an immediate suspension of all withdrawals and revocation of two-factor authentication tokens, which required users to reset their security credentials. While some customers encountered difficulties during the reset process, the company asserted that no funds were ultimately lost, either through prevention of unauthorized transactions or full reimbursement of affected accounts. Withdrawals resumed after implementing enhanced security measures, though the incident followed prior technical issues involving erroneous duplicate charges on user purchases.
Description
On January 17, 2022, Crypto.com's internal risk monitoring systems detected unauthorized cryptocurrency withdrawals affecting a small number of user accounts. The platform immediately suspended all withdrawal transactions to investigate the incident, halting this functionality for approximately 14 hours as a precautionary measure. Initial estimates suggested approximately 400 accounts were compromised, though this was later revised to 483 confirmed affected users. The company revoked all existing two-factor authentication (2FA) tokens across its user base, requiring customers to log back into their accounts and reconfigure their 2FA settings. During this reset process, numerous users reported technical difficulties when attempting to reestablish their authentication credentials.

Crypto.com confirmed the total value of unauthorized withdrawals reached approximately $34 million across various cryptocurrencies. The company asserted that no customers ultimately lost funds, stating it prevented most unauthorized transactions and fully reimbursed affected users for any withdrawals that couldn't be blocked. Withdrawals resumed on January 18 at 5:46 PM UTC following implementation of undisclosed "security hardening measures." CEO Kris Marszalek characterized the financial impact as immaterial during a Bloomberg Live interview, emphasizing customer funds were never at risk despite the breach. This incident followed a May 2021 technical glitch on the platform that caused duplicate cryptocurrency purchases for some users, though that prior event involved different operational failures without external malicious activity.
