Crypto.com moved its headquarters from Hong Kong to Singapore last year and is currently awaiting license approval from the Monetary Authority of Singapore, or MAS.
The MAS prohibited public advertising of crypto products earlier this year. Crypto.com was among the companies affected after placing a large billboard on a prominent shopping strip. Advertising practices of the crypto industry have come under scrutiny as critics fear retail investors may buy into the asset class with limited understanding of the risks.
“Singapore is very supportive of blockchain technology and cryptocurrency industry in general,” the CEO said. “It’s a great place for the industry players, and there’s quite a large number of players there.”
One of the largest exchanges, with more than 10 million customers, Crypto.com made headlines after it purchased the sponsorship rights to an iconic sports and entertainment arena in Los Angeles, formerly branded the Staples Center. It is also running a major marketing campaign with actor Matt Damon, along with various professional sports teams.
On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts. Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to address the issue. No customers experienced a loss of funds. In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed.
The incident affected 483 Crypto.com users.
Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies.
On Monday, 17 January 2022 at Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user. This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation. Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours, and withdrawals were resumed at 5:46 PM UTC, 18 January 2022.
What did Crypto.com do to correct the problem?
In an abundance of caution, a completely new 2FA infrastructure was introduced.
2FA tokens for all users worldwide were subsequently revoked to ensure the new infrastructure was in effect. There are mandatory 2FA policies on both the frontend and backend to protect users during this revocation phase, as outflows such as withdrawals have a requirement to set up and use 2FA in order to withdraw.
Crypto.com introduced an additional layer of security on 18 January 2022 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal. Users will receive notifications that withdrawal addresses have been added, to give them adequate time to react and respond. The notification message provides useful reminders and instructions on contacting our team if the address whitelisting was unauthorized.
A full audit of the entire infrastructure has been conducted internally with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services.
Crypto.com will be releasing additional end-user security features as we move away from 2-Factor Authentication and to true Multi-Factor Authentication (MFA), providing added strength for our global user base.
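The two controls described in the report (2FA enforced on the backend for every withdrawal, and a 24-hour delay after an address is whitelisted) can be expressed as a deny-by-default server-side check. The sketch below is an added example, not Crypto.com's code; all names, the five-minute 2FA freshness window, and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

WHITELIST_DELAY = timedelta(hours=24)  # delay stated in the report
TWO_FA_MAX_AGE = timedelta(minutes=5)  # assumption: freshness window, not from the report

@dataclass
class WhitelistEntry:
    address: str
    added_at: datetime

@dataclass
class TwoFAProof:
    request_id: str        # withdrawal request the user's 2FA code was verified for
    verified_at: datetime

@dataclass
class Withdrawal:
    request_id: str
    address: str

def authorize(w: Withdrawal, whitelist: Dict[str, WhitelistEntry],
              proof: Optional[TwoFAProof], now: datetime) -> Tuple[bool, str]:
    """Backend gate: a withdrawal is approved only if every check passes."""
    entry = whitelist.get(w.address)
    if entry is None:
        return False, "address_not_whitelisted"
    if now - entry.added_at < WHITELIST_DELAY:
        return False, "whitelist_delay_active"
    if proof is None:                      # approval without a 2FA verification
        return False, "missing_2fa"
    if proof.request_id != w.request_id:   # proof from another request is not reusable
        return False, "2fa_not_bound_to_request"
    age = now - proof.verified_at
    if age < timedelta(0) or age > TWO_FA_MAX_AGE:
        return False, "stale_2fa"
    return True, "ok"

# Constructed sample data (hypothetical addresses and times).
T0 = datetime(2022, 1, 20, 12, 0, tzinfo=timezone.utc)
WHITELIST = {
    "addr-old": WhitelistEntry("addr-old", T0 - timedelta(days=3)),
    "addr-new": WhitelistEntry("addr-new", T0 - timedelta(hours=2)),
}

if __name__ == "__main__":
    fresh = TwoFAProof("r1", T0 - timedelta(minutes=1))
    print(authorize(Withdrawal("r1", "addr-old"), WHITELIST, fresh, T0))
    print(authorize(Withdrawal("r1", "addr-old"), WHITELIST, None, T0))
    print(authorize(Withdrawal("r1", "addr-new"), WHITELIST, fresh, T0))
```

Logging the returned reason code for each denial gives risk monitoring a direct signal when approvals are attempted without a bound 2FA verification.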
The hacking of systems has been an ongoing problem in the cryptocurrency industry. As reported by Blockchain.News the day before yesterday, North Korean hacks on cryptocurrency platforms jumped to at least seven times, extracting nearly $400 million worth of digital assets over the last year, blockchain analysis firm Chainalysis said.
As one of the largest exchanges with over 10 million users, Crypto.com is not the only exchange to be hacked.
BitMart suffered from a large-scale security breach. According to the cryptocurrency trading platform’s CEO, hackers were able to withdraw assets valued at up to approximately $150 million.
I personally recommend that all exchange users monitor their balance and report any suspicious transaction to the company. Lastly, I would like to strongly encourage all of you to always enable both 2FA and Face ID/Touch ID to protect your accounts from unauthorized access.