Screenshots from blockchain intelligence firms suggest 4,600 ETH was taken.
On Monday, the exchange had confirmed that "a small number of users" were reporting suspicious activity on their accounts — and withdrawals were suspended.
Stressing that all funds were safe, Crypto.com users were told that they would need to sign back into their accounts and reset their two-factor authentication.
But his claim that no customer funds were stolen has been challenged.
The crypto enthusiast and entrepreneur Ben Baller also tweeted:
"I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got passed the 2FA?"
Dogecoin co-founder Billy Markus also pointed to "odd activity" where transactions of between 2 ETH and 5 ETH were being transferred to a new wallet.
Whereas many altcoins have posted healthy gains over the past seven days, Crypto.com Coin is flat.
The security breach has also distracted from a number of high-profile announcements the exchange wanted to make this week.
Crypto.com has now signed a five-year deal to become a major partner of the Australian Football League, adding to a long list of partnerships. It has also teamed up with Formula 1, Paris Saint-Germain, and sponsors the Crypto.com Arena — previously known as the Staples Center — in Los Angeles.
Some critics on Twitter have claimed that Crypto.com should have been more focused on keeping its platforms secure than engaging in these big-money partnerships.
Jameson Lopp, the co-founder of the Bitcoin security provider Casa, tweeted:
"This @cryptocom issue sounds similar to the compromise of an undisclosed number of Coinbase accounts last year — some sort of 2FA bypass/reset. Remember: enabling 2FA on a custodial account is not a panacea; it can still get hacked. Nacho keys, nacho cheese."