Screenshots from blockchain intelligence firms suggest 4,600 ETH was taken.
Crypto.com has insisted that no funds were stolen in a hot wallet hack, despite blockchain intelligence firms indicating that about 4,600 ETH was taken.
On Monday, the exchange had confirmed that "a small number of users" were reporting suspicious activity on their accounts — and withdrawals were suspended.
Stressing that all funds were safe, Crypto.com users were told that they would need to sign back into their accounts and reset their two-factor authentication.
The platform's CEO, Kris Marszalek, said withdrawals were resumed after 14 hours — and the company's infrastructure has now been "hardened" following the incident.
But his claim that no customer funds were stolen has been challenged.
Peckshield shared screenshots suggesting that crypto worth $15 million was taken from Crypto.com's hot wallet — and half of the 4,600 ETH was being washed using Tornado Cash. A screenshot with corresponding transactions was shared.
The crypto enthusiast and entrepreneur Ben Baller also tweeted:
"I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got passed the 2FA?"
Dogecoin co-founder Billy Markus also pointed to "odd activity" where transactions of between 2 ETH and 5 ETH were being transferred to a new wallet.
p>
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Unfortunate Timing
Whereas many altcoins have posted healthy gains over the past seven days, Crypto.com Coin is flat.
The security breach has also distracted from a number of high-profile announcements the exchange wanted to make this week.
Crypto.com has now signed a five-year deal to become a major partner of the Australian Football League, adding to a long list of partnerships. It has also teamed up with Formula 1, Paris Saint-Germain, and sponsors the Crypto.com Arena — previously known as the Staples Center — in Los Angeles.
Some critics on Twitter have claimed that Crypto.com should have been more focused on keeping its platforms secure than engaging in these big-money partnerships.
Jameson Lopp, the co-founder of the Bitcoin security provider Casa, tweeted:
"This @cryptocom issue sounds similar to the compromise of an undisclosed number of Coinbase accounts last year — some sort of 2FA bypass/reset. Remember: enabling 2FA on a custodial account is not a panacea; it can still get hacked. Nacho keys, nacho cheese."
