Crypto.com Hit by Hackers
Table of Contents
- By Steven
- Aug 31, 2022
Crypto.com, the crypto platform, was hacked in mid-January 2022. The breach is another example of how digital criminals zero in on cryptocurrency websites. In total, hackers targeted more than 500 crypto wallets in the attack. Without further ado, let's review the Crypto.com heist and delve into how similar attacks can be prevented in the future.
How was the Attack Conducted?
The attack is the result of a compromised two-factor authentication. Crypto.com representatives refused to provide additional information on how hackers withdrew crypto tokens from accounts. However, the mere fact that the crypto site was willing to state that two-factor authentication was manipulated is significant. The company's refusal to delve deeply into the details of the manipulation of two-factor authentication is a defense mechanism employed to mitigate the potential for additional cyber attacks. However, as detailed below, we have some of the "juice" of the hack.
The hackers employed two-factor authentication manipulation to prevent online infiltrators from accessing money and data belonging to others, likely using multiple tabs within browsers and strategically manipulating those tabs for account access. The thieves manipulated the two-factor authentication process to steal nearly $20 million of Bitcoin and another $15 million of Ethereum.
How did Crypto.com Respond to the Attack?
The crypto platform initially responded to the attack by stating it was nothing more than a minor incident. The company's statement was clearly an attempt at damage control amidst a seemingly endless number of online attacks against crypto platforms. The miscreants responsible for the Crypto.com hack stole the funds without entering the two-factor authentication codes necessary to access the information.
The company insists it will improve its digital security protections. In particular, Crypto.com representatives highlighted their willingness to transition away from two-factor authentication with multi-factor authentication. The company also required its customers to log back into the system to reestablish authentication tokens to prevent future hacks. Business owners, managers, and everyday computer users should take a cue from Crypto.com's response to the attack by implementing digital safeguards of their own.
How Many Accounts and Crypto Were Accessed?
The hackers accessed crypto from several hundred customer accounts. In total, about 500 accounts were accessed, resulting in the theft of more than $31 million. Adding salt to the wound is the theft of more than $66,000 worth of other cryptos. Crypto.com reimbursed its customers after the heist.
Will a Similar Hack Occur in the Future?
The attack can potentially send Crypto.com customers fleeing to other platforms. Yet, there is a growing acceptance that the vast majority of cryptocurrency websites will be targeted in the years ahead. Crypto.com is forcing customers to wait at least 24 hours to withdraw funds after adding a new withdrawal address.
The company then approves the request, setting the stage for additional withdrawals. The logic in adding this delay is to prevent hackers from attempting to perform yet another hack. Implementing the delay also provides account owners with sufficient time to report login/security issues.