Crypto.com, a leading cryptocurrency exchange, experienced an incident on January 17 when some of its users reported strange activity in their accounts. The exchange acknowledged the event and conducted an investigation immediately afterward, declaring that all funds were safe. However, reports from security and blockchain auditing firms Certik and Peckshield indicate that some funds were removed from exchange wallets.
Crypto.com Suspends Withdrawals After Suspicious Activity Reported
Crypto.com, a cryptocurrency exchange, suspended normal withdrawal operations after customers reported having experienced suspicious activity regarding their accounts. In its first statements, the exchange told customers that all funds were safe. The reports led to an enhancement in the security measures applied to access the accounts, with all customers having to sign back into their accounts. Also, the two-factor authentication (2FA) for all accounts had to be reset.
Some customers complained about not being able to reset their two-factor authentication keys, and others declared they were unable to access the exchange as a consequence. After the exchange resumed withdrawals, Kris Marszalek, CEO of Crypto.com, offered a report regarding what happened, stating that the total downtime of the withdrawal infrastructure was about 14 hours. The exchange introduced a new security measure: customers won’t be able to withdraw from whitelisted addresses in the first 24 hours after registration with the platform.
Marszalek reiterated that no user funds were lost and that the company would offer a full post-mortem after its investigation.
Blockchain Auditing Firms Report Otherwise
While Crypto.com repeatedly declared that no user funds were affected, there are conflicting statements on the issue. Certik and Peckshield, two security and blockchain auditing firms, reported otherwise. Peckshield stated the exchange had lost $15 million, or 4.6K ETH, during the event, and that half of these funds were being laundered using Tornado.cash, an anonymity-based protocol that allows users to conduct private transactions.
Certik, another auditing firm, corroborated Peckshield’s report, stating that the funds were being sent to Tornado.cash. More importantly, Certik informed followers it had compiled a list of user addresses that supposedly were affected in the event, and the amount of ether subtracted from each one of these accounts. The company stated that 282 accounts were affected.
The cause of the event is still unknown. Neither Peckshield nor Certik has declared conclusively what happened, and Crypto.com is still conducting an internal investigation on the matter at the time of writing.