- Crypto.com has been hacked and ETH worth $15 million stolen
- The methodology is not yet known, although users apparently didn’t lose funds
- Users did however report unauthorized withdrawals
Crypto.com has been hacked for 4,600 ETH worth around $15 million, according to security firm Peckshield. Users began reporting odd behaviour with their accounts yesterday and Crypto.com took swift action to disable withdrawals, but not before the Ethereum haul was extracted by the hackers. Crypto.com insists that no user funds have been taken, which suggests that the hack must have been on the company’s hot wallets, although this doesn’t explain why users were the first to report odd behaviour in their accounts.
“Suspicious Activity” Leads to Hack Discovery
Crypto.com warned of a possible hack yesterday in a tweet in which they revealed some users were reporting “suspicious activity” and halted withdrawals as a result:
We have a small number of users reporting suspicious activity on their accounts.
We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.
— Crypto.com (@cryptocom) January 17, 2022
Users who were apparently victims were quick to reply and, understandably, sought answers:
I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got past the 2FA?
— BEN BALLER™ (@BENBALLER) January 17, 2022
Crypto.com followed up some hours later by reporting that, indeed, some users had experienced “unauthorized activity” in their accounts, but reminded users that “all funds are safe”, which doesn’t explain why some had lost ETH from their accounts.
Security firm Peckshield then revealed the full extent of the hack late last night – some 4,600 ETH, worth approximately $15 million, was stolen from the site and was in the process of being washed through Tornado Cash:
— PeckShield Inc. (@peckshield) January 18, 2022
Lazarus Potentially Behind Crypto.com Hack
Crypto.com CEO Kris Marszalek tweeted confirmation that no customer funds had been lost and that the infrastructure was up and running again in under 14 hours. He added that a post-mortem would be published once all the facts had been established, which will hopefully explain how no user funds were lost (although this could just be bad phrasing and mean that customers who did lose funds were reimbursed).
Nothing is yet known about who could have been behind the hack, although the methodology of a quick exploit followed by immediate laundering suggests that this is not the first time for these hackers, with all eyes probably falling on North Korea’s prolific Lazarus hacking group.