In a statement on its website today, Crypto.com revealed new details concerning a recent hack on its platform, stating that 483 of its customers were affected and that unauthorized withdrawals of over $15 million in ETH, $19 million in BTC, and $66,200 in “other currencies” occurred. The total losses, which amount to more than $34 million at today’s cryptocurrency prices, are more than analysts had projected before Crypto.com’s announcement.
The company’s post-mortem came just one day after CEO Kris Marszalek admitted the breach in a Bloomberg TV interview. After many Crypto.com users claimed their funds had been stolen, he confirmed the breach, which had previously been received with cryptic responses from the corporation, referring only to an “event.” During the interview, Marszalek did not reveal how the hack occurred, but he did disclose that Crypto.com has refunded all affected accounts.
According to today’s announcement, Crypto.com discovered the suspicious activity on Monday, when “transactions were being approved without the 2FA authentication control being inputted by the user.” The site temporarily halted all withdrawals for 14 hours to investigate the problem.
Crypto.com stated today in a statement that it will launch the Worldwide Account Protection Program (WAPP) in “certain markets” beginning February 1. A program that will restore cash up to $250,000 for “eligible users” in the event of an unlawful withdrawal.
According to the company, to qualify for the program, users must enable multi-factor authentication on all transaction types and set up an anti-phishing code at least 21 days before the reported unauthorized transaction. File a police report, provide it to Crypto.com, complete a questionnaire to support a forensic investigation, and not use a jailbroken device.