Crypto.com has stressed that no customers have experienced a loss of funds — with most unauthorized withdrawals prevented.
Crypto.com has confirmed that 483 users suffered unauthorized withdrawals from their accounts after a hot wallet hack this week.
A total of 4,836 ETH was taken during the incident — alongside 443.93 BTC and $66,200 in other assets.
In cash terms, more than $33 million in funds was stolen, meaning the incident was far bigger than previously thought.
Crypto.com has stressed that no customers have experienced a loss of funds — with most unauthorized withdrawals prevented. "In all other cases customers were fully reimbursed," it added.
The exchange explained that the vulnerability emerged after transactions were approved "without the two-factor authentication control being inputted by the user."
All withdrawals were suspended until a fix could be found, customers were told to log in again, and the company "revamped and migrated to a completely new two-factor authentication infrastructure."
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Changes Introduced
Users will now need to wait 24 hours to complete their first withdrawal after adding a new whitelisted address — and notifications will help alert account holders if an address is added without their consent.
A Worldwide Account Protection Program is also being introduced that protects user funds if a third party gains unauthorized access — restoring up to $250,000 in stolen assets. In a statement, Crypto.com's CEO and co-founder, Kris Marszalek, said:
"The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defence-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind."
