The Crypto.com platform announced that it had fully reimbursed the victims. The damage is valued at several tens of millions of euros.
There has therefore been fraudulent access to the Crypto.com platform which has led to unwanted transactions in certain crypto-currencies. This is what the service ended up admitting on Thursday January 20, 2022 in a page published for the attention of its customers, shortly after a period of uncertainty of a few days where uncertainty reigned.
For those who do not know Crypto.com, it is a site offering cryptocurrency exchange services. It is similar to Coinbase, one of the best-known platforms in the sector, where you can buy and sell cryptos against euros, but also convert currencies between them, and follow the evolution of prices to try to make a nice operation.
Crypto.com has acquired a certain visibility for a few months, in particular by offering the services of the American actor Matt Damon for an advertisement. You can also find ads for this platform around football pitches, a sign of the scale that the service has taken. A magnitude which, on the other hand, has obviously also attracted malicious people.
A theft of a few tens of millions of euros
The exact circumstances under which these fraudulent accesses to individual transactions may have occurred remain to be clarified. But a provisional assessment of the losses can already be established: 483 accounts have been affected, which is small in view of the size of its community – 10 million, reported the Los Angeles Times in mid-November 2021.
The sums extracted are on the other hand much more substantial: “ Unauthorized withdrawals totaled 4,836.26 units of Ethereum, 443.93 bitcoins and around $66,200 in other currencies », assesses Crypto.com. Currently, a single bitcoin is trading around 37,000 euros. For Ethereum, a single unit is trading around 2,800 euros.
The booty thus stolen amounts to a few to tens of millions of euros. A high sum, but that Crypto.com claims to have reimbursed in full to the victims of these forced transfers. Crypto.com has a certain financial capacity: it is said to have paid 700 million dollars to buy the right to rename a sports arena in “Crypto.com Arena”.
The platform does not seem to have detected any other illegitimate transactions, apart from the initial 483 accounts. ” In the majority of cases, we have prevented unauthorized withdrawal, and in all other cases, customers have been fully refunded “Summarizes the message, which aims to dissipate the criticisms of which he may have been the subject on social networks.
At the start of the case, as early as January 17, Crypto.com said on Twitter that unauthorized activity had been detected on several accounts. It was added that the funds were not threatened. Eventually, it turned out to be wrong. But in doubt, all withdrawal operations had been suspended for several hours, the time to make security adjustments.
According to Crypto.com, these invalid fund transfers could have been completed without the user having entered the strong authentication code, which allows, in addition to the password, to add a second layer of protection. . If the two-factor verification procedure has thus been undermined, the problem that has arisen on Crypto.com is significant, because it is a key protection.
This gap in the procedure, details the site, “ triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform have been suspended for the duration of the investigation “. The suspension of withdrawals lasted nearly 14 hours. But the damage to Crypto.com’s brand image could last longer.