Cyberattack Hits Crypto.com - Threatwire
Daily Tech News Show
Tom Merritt
🗓️ 26 January 2022
⏱️ 4 minutes
Summary
By Shannon Morse, ThreatWire
The world's third largest cryptocurrency trading platform was hit with a cyberattack last week that compromised 483 customer accounts and led to $34 million in crypto being withdrawn. Crypto.com was targeted and US $33.8 million was stolen, though the CEO stated in multiple interviews that customer funds are not at risk.
The hack caused about $15 million in Ethereum, $18.6 million in Bitcoin and $66,000 in miscellaneous crypto to be stolen from the platform. The attack was detected on January 17th, at which time Crypto.com suspended withdrawals for about 14 hours. 2FA tokens were also revoked, so users had to sign in again and set up new 2FA tokens for access.
While this crypto was stolen via unauthorized withdrawals, the platform fully reimbursed affected users. Transactions resumed on January 18. According to a Crypto.com post, its risk monitoring systems detected the attack and saw transactions being approved without 2FA, meaning attackers were bypassing the 2FA check.
The company migrated to a completely new 2FA infrastructure in response. It also said that it will be moving away from 2FA to true multi-factor authentication for end-user security, and strengthening security with an Account Protection Program (APP), which will offer better security for funds within the App and exchange. APP would also restore funds up to $250,000 in the event of unauthorized access.
A lot of technical information regarding this attack has not been shared with the public. For example: who was behind this attack? How were they able to bypass 2FA restrictions for withdrawals? What protocol was being used to implement 2FA, and how does the new infrastructure fix these problems? Hopefully Crypto.com will share some of this information with its customers to ease some of the concerns shared via social media.
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
https://crypto.com/product-news/crypto-com-security-report-next-steps
https://www.vice.com/en/article/g5qj9j/cryptocom-says-incident-was-actually-dollar30-million-hack
https://www.zdnet.com/article/crypto-com-ceo-responds-to-complaints-of-login-issues-after-hack/
Transcript
| 0:00.0 | A tech demo shows off the usual tech things. |
| 0:04.0 | Then I'm going to jump to a link. |
| 0:05.0 | Using the usual tech devices. |
| 0:07.0 | We have a plane device called our mouse. |
| 0:09.0 | Doing the usual tech productivity tasks. |
| 0:11.0 | Now we're connected audio. |
| 0:13.0 | You can see my work. You can point at it. |
| 0:15.0 | And I can see your face and we can talk. |
| 0:17.0 | Except it's 1968 and it's going to set the computing agenda |
| 0:20.0 | for the next half century, then almost immediately be ignored. |
| 0:24.0 | The mother of all demos on no a little more. |
| 0:27.0 | Get it wherever you get your podcasts. |
| 0:30.0 | We usually provide ThreatWire and other great segments to patrons. |
| 0:34.0 | But this week we're giving all of our patron content to everyone. |
| 0:37.0 | So enjoy. And if you want to keep it coming, go to patreon.com slash DTNS. |
| 0:43.0 | This is your weekly security and privacy news headlines story |
| 0:46.0 | from the ThreatWire studio in I am Shannon Morse. |
| 0:49.0 | The world's third largest cryptocurrency trading platform was hit |
| 0:53.0 | with a cyber attack last week that compromised 483 customer accounts. |
| 0:58.0 | And it led to about $34 million in crypto to be withdrawn. |
| 1:04.0 | Crypto.com was targeted and US 33.8 million in dollars was stolen. |
| 1:09.0 | Though the CEO stated in multiple interviews that customer funds are not at risk. |
... |

