Crypto.com Confirms The Exchange Hit By A $34 Million Hack Caused By A 2FA Bypass Exploit

The Singapore-based cryptocurrency exchange Crypto.com has confirmed that it was hit by a $34 million hack caused by a 2FA bypass exploit, reports itpro.co.uk. The exchange had earlier denied that its customers had lost funds. However, a spate of earlier reports from customers and analysts had stated that a hack had hit the exchange.

The exchange has also confirmed that unauthorized individuals drained $34 million (around £25 million) from user accounts this week by exploiting a weakness in its two-factor authentication (2FA).

Unauthorized withdrawals of 4,836.26 Ethereum tokens, worth around $14 million or £10.3 million

The exchange has confirmed that the attackers managed to bypass 2FA controls and made unauthorized withdrawals of 4,836.26 Ethereum tokens, worth around $14 million or £10.3 million. The exchange also revealed that 483 of its customers were affected by the hack. In addition, bitcoin tokens worth around $17.3 million or £12.75 million, and approximately $66,200 (£48,786) in other cryptocurrencies, were also stolen in the attack.

How the hackers bypassed 2FA is currently unclear. However, the exchange has confirmed that it has since migrated the platform to an entirely new 2FA infrastructure and, to apply the change, revoked the 2FA tokens of all users globally.

Crypto.com puts in place an additional layer of security

The exchange has also put in place an additional layer of security: a 24-hour delay between registering a whitelisted withdrawal address and the first withdrawal to that address. It will enable users to screen these addresses. The addresses are registered via notifications sent to users by the exchange. This will give users enough time to react and respond. Crypto.com has also employed third-party security outfits to examine the security of its new system. It is also planning to switch to a multi-factor authentication (MFA) model.
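The withdrawal hold described above, modelled as an added example (not Crypto.com's code): a new address triggers an alert to the account owner and cannot receive funds until 24 hours have passed, and removing and re-adding an address restarts the clock. The class, the `notify` hook, the placeholder addresses and the timeline are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=24)  # delay between registration and first withdrawal


class WithdrawalAllowlist:
    def __init__(self, notify):
        self._registered = {}  # (user, address) -> server-side registration time
        self._notify = notify  # assumed hook: notify(user, message)

    def register(self, user, address, now):
        key = (user, address)
        if key not in self._registered:
            self._registered[key] = now
            # Alert the account owner so the hold window can be used to react.
            self._notify(user, f"withdrawal address added: {address}")
        # Re-submitting a known address keeps its original time (no reset).
        return self._registered[key] + HOLD

    def remove(self, user, address):
        # Forget the timestamp: re-adding later restarts the full hold.
        self._registered.pop((user, address), None)

    def check(self, user, address, now):
        registered_at = self._registered.get((user, address))
        if registered_at is None:
            return False, "address not on allowlist"
        if now - registered_at < HOLD:
            return False, "address still in 24-hour hold"
        return True, "ok"


def demo():
    # Constructed timeline and placeholder addresses, for illustration only.
    sent = []
    wl = WithdrawalAllowlist(lambda user, msg: sent.append((user, msg)))
    t0 = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
    hours = lambda h: t0 + timedelta(hours=h)
    wl.register("alice", "ADDR_A", t0)
    wl.register("alice", "ADDR_A", hours(1))        # duplicate: no new alert
    results = [
        wl.check("alice", "ADDR_A", hours(23.98)),  # just inside the hold
        wl.check("alice", "ADDR_A", hours(24)),     # hold elapsed
        wl.check("alice", "ADDR_B", hours(48)),     # never registered
    ]
    wl.remove("alice", "ADDR_A")
    wl.register("alice", "ADDR_A", hours(48))       # re-add restarts the clock
    results.append(wl.check("alice", "ADDR_A", hours(49)))
    return results, sent
```

The hold only helps if the registration time comes from the server clock and the alert reaches the user over a channel the attacker does not already control.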

Robert Byrne, the field strategist at One Identity, told IT Pro that the policy controlling 2FA was exploited in some way, deactivating it for specific users. In addition, the 2FA service is offered by a third party, so that supplier’s infrastructure may well have been one of the targets of the attack.