Crypto.com Says Hackers Stole Nearly $34M From Users

[Husires]

Cryptocurrency exchange Crypto.com said that hackers stole nearly $34 million during the Jan. 17 hack.

The Singapore-based exchange, in an update on Thursday, acknowledged that unauthorized withdrawals totalled 4836.26 ether ($15.2 million), 443.93 bitcoin ($18.7 million) and $66,200 in U.S. dollars.


On-chain data from PeckShield had previously suggested that 4,600 ether had been stolen and were being laundered via Tornado Cash, an ETH mixer protocol aimed at improving transaction privacy.


The hack affected 483 users, all of whom have been fully reimbursed, Crypto.com said.

Crypto.com suspended withdrawals on its platform on Monday following reports of "unauthorized activity", subsequently advising users to sign back in and reset their two-factor authentication.

https://www.coindesk.com/business/2022/01/20/cryptocom-says-hackers-stole-nearly-34m-from-users/

The suspension of the last withdrawal was due to the hacking, but it seems that the platform has compensated everyone. Will this help them and make people continue to use them, and what will happen if more are hacked, they will not be able to pay and compensate everyone?

[noorman0]

Crypto.com is a big company which means it has a lot of users anyway, their current loss is probably tolerable. That is, this company is willing to pay other losses that are insured to customers with the same amount from those who were hacked. The problem is that $34 million from just no more than 500 affected users is quite a lot, which I'm sure would make for a different story if this hack cost more users (say more than 1k). Crypto.com users should consider the biggest risk, that the company may not compensate for their losses in the future.

[DaveF]

Have to love this quote from the article:

Crypto.com CEO Kris Marszalek told Bloomberg TV on Wednesday that the numbers for the hack were "not particularly material and customer funds were not at risk."

I guess that is one of the advantages to dealing with a major exchange with massive assets and investors and insurance, is that the can cover it when things go wrong.
Lets face it, no security will ever be perfect and there is no way to ever get 100% secure, but if they have enough backing and coverage it should not matter to the individual users.
Kind of like FDIC insurance here in the US on banks.

-Dave

[dkbit98]

The suspension of the last withdrawal was due to the hacking, but it seems that the platform has compensated everyone. Will this help them and make people continue to use them, and what will happen if more are hacked, they will not be able to pay and compensate everyone?

What happened after Binance (or other exchanges) was hacked, and what happened after private customer information leaked from Ledger database?
- Nothing. People continue to use their services hoping it won't happen to them, when it happens next time.

Let me repeat again, don't trust any of this centralized services for holding your coins and earning some small profit, next hack can and probably will be much worse.
I wonder what happened with their crypto.com debit cards during and after this hack, does anyone know if did they also stop to work?

[stompix]

and what will happen if more are hacked, they will not be able to pay and compensate everyone?

Starting with Bitcoininca, Gox, Mintpal, Quadriga, Youbit, Cryptopia ...has anything changed in ten years?
Do you think anything will change? Why and where does this optimism come from?
10 years from now on we will still have the same discussion and poeple will sty wonder why do some leave coins on exchanges.

Crypto.com CEO Kris Marszalek told Bloomberg TV on Wednesday that the numbers for the hack were "not particularly material and customer funds were not at risk."

Yet they got stolen, just like a dead body is at no risk of getting killed.

[Oshosondy]

Starting with Bitcoininca, Gox, Mintpal, Quadriga, Youbit, Cryptopia ...has anything changed in ten years?
Do you think anything will change? Why and where does this optimism come from?
10 years from now on we will still have the same discussion and poeple will sty wonder why do some leave coins on exchanges.

Did you believe that some people can not even differential between wallets and exchanges? Some people will use custodial wallets, they will be saying I have my coin on this and that centralized wallets and exchanges for months, or few years now and nothing happened to my coins, that they recommend it.

Novice recommending to novice 

This has been what is happening today.

[hugeblack]

I think that as long as people can withdraw from the platform and receive their money, they will not be bothered by the hacking story.

The confusing thing is the number of accounts hacked compared to the amount stolen, I mean 483 users have accounts managing about $34 million which is a huge amount for an average user. 

Is this normal or is the platform trying to circumvent some tax procedures by losing that money?

I wonder what happened with their crypto.com debit cards during and after this hack, does anyone know if did they also stop to work?

Among the amounts that were hacked were amounts in dollars, so some were affected.

[stompix]

The confusing thing is the number of accounts hacked compared to the amount stolen, I mean 483 users have accounts managing about $34 million which is a huge amount for an average user. 

It makes a bit of sense if we assume the following.
"Hackers" found an exploit in the system, it was not a phishing attack that would trigger immediate reactions and email and app alerts from the company but a stealthy way to access random accounts on the platform.
Now if you would have managed to get access to accounts without alerting anyone, you wouldn't go randomly through them picking every single balance you would take your time, select the largest ones that you could find in a time window, and then empty that one by one, knowing perfectly that at one point the mass withdrawals will trigger some security checks. So why not try and make it big rather than rush and collect pennies?

Oh, and speaking about confusing, when I checked the number the weird part was this :

The Singapore-based exchange, in an update on Thursday, acknowledged that unauthorized withdrawals totaled 4836.26 ether ($15.2 million), 443.93 bitcoin ($18.7 million) and $66,200 in U.S. dollars.

But when going to crypto.com I saw that it was "in other cryptocurrencies.", again lazy journalism, they've made their word quota , who cares about the rest.

[boyptc]

The suspension of the last withdrawal was due to the hacking, but it seems that the platform has compensated everyone. Will this help them and make people continue to use them,

I think so.

When binance was hacked, they've also refunded the affected users and that didn't stopped them from gaining more users and even trusting them more with what happened because they've stand for themselves and shown how responsible they were.

and what will happen if more are hacked, they will not be able to pay and compensate everyone?

I think that they still will.

They even had a million contract for paying the Staples center so, I'm sure that this would be a lesson to them to invest more in security and updates.

[hugeblack]

But when going to crypto.com I saw that it was "in other cryptocurrencies.", again lazy journalism, they've made their word quota , who cares about the rest.

I didn't read the details of the hack, I thought it was for the site's hot wallet, but the account data system hack looks worse than that.
I wonder how much data they collected because it looks like they might have more access to more data like email addresses, personal data, IP addresses and so on.
I don't know why I remembered the recent hack that happened to the Twitter platform.
In general, I will read more details later to update this.