Crypto.com’s Ethereum hot wallet was hacked yesterday, reportedly leaving some users with sizable losses.
Users of the exchange also found that they were missing cryptocurrencies from their balances and, in some cases, their entire digital wallet had been picked clean.
The exchange subsequently took to Twitter to confirm an investigation was underway.
We have a small number of users reporting suspicious activity on their accounts.
We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.
— Crypto.com (@cryptocom) January 17, 2022
Despite stating “all funds are safe”, there were multiple replies to the tweets complaining of missing Bitcoin (BTC) and Ethereum (ETH) in their accounts.
The likes of Ben Baller, a crypto enthusiast, reported a loss of 4.25 ETH at the time of the hack but confirmed on Twitter that the exchange had restored his missing funds.
PeckShield, a blockchain security company, dug deeper and published a report stating 4,600 ETH worth $14.6m had reportedly been siphoned off the platform and laundered through TornadoCash, an ETH-based coin mixer.
— PeckShield Inc. (@peckshield) January 18, 2022
The news of the alleged hack comes just one day after Crypto.com secured an $18m deal with the Australian Football League.
How it happened
The attackers reportedly found a way to bypass the 2FA (two-factor authentication) security measures on the exchange.
Crypto.com then took to Twitter to alert its users to sign back into the app and exchange accounts and to then reset their 2FA information.
The company then stated once the update had been rolled out to all users, withdrawals will be re-enabled.
Crypto.com has now become the first centralised exchange to fall victim to a hack in 2022.