Security News > 2022 > January > Crypto.com now says someone tried to drain $34m from hundreds of accounts

Crypto.com now says someone tried to drain $34m from hundreds of accounts
2022-01-20 22:29

Crypto.com on Thursday said in a roundabout way that an unidentified person stole or attempted to steal as much as $34m in cryptocurrency from customer accounts.

In an update on the cyberattack reported earlier this week, the Singapore-based firm said it "Learned that a small number of users had unauthorized crypto withdrawals on their accounts."

On Monday, January 17, 2022, according to Crypto.com, the company's "Risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user."

In response to the attack, Crypto.com said it halted all withdrawals and restored affected accounts.

The company said its withdrawal infrastructure was down for about 14 hours and was restored on January 18 at around 1746 UTC. To further limit the possibility of unauthorized withdrawals - there must be some more concise word for that - Crypto.com said it has instituted a 24-hour delay between the time an approved withdrawal address is registered and the time it can first be used.

The creation of a withdrawal address will send a notification message to the account holder, so unauthorized withdrawals can be caught ahead of time.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/20/cryptocom_cryptocurrency_theft/