Mobile ID World

Crypto.com Says Hackers Overcame 2FA Obstacle in $30 Million Crypto Heist

January 24, 2022

The CEO of Crypto.com has acknowledged a massive security breach and cryptocurrency heist. The incident occurred last Monday, when hackers gained access to 483 Crypto.com user accounts and performed a series of unauthorized withdrawals to walk away with over $30 million in various cryptocurrencies.

All told, the cybercriminals swiped 4,836.26 Ethereum (worth $13-$15 million), 443.93 Bitcoin ($16-$19 million), and $66,200 in other currencies. Crypto.com CEO Kris Marszalek stated that all of the victims of the attack have been reimbursed, but did not offer many details about how the heist was accomplished. That should only raise more concerns about the platform’s security, especially since the total amount stolen exceeded the estimates of industry analysts.

As for what did happen, Marszalek admitted that the hackers were somehow able to bypass Crypto.com’s two-factor authentication mandate, which requires a second form of authentication for anyone performing a withdrawal. Marszalek did not explain how the hackers were able to clear transactions without inputting that second factor, but did stress that the company had revoked all existing 2FA tokens in response to the incident. Account holders will need to set up a new 2FA token to regain access to their wallets.

Crypto.com halted all withdrawals for 14 hours in the immediate aftermath of the theft. The company is also rolling out a few new security measures to prevent another incident in the future. Most notably, account holders who change their withdrawal address will need to wait 24 hours before making another withdrawal, creating a window in which someone can respond if that change was not authorized.

In the meantime, Crypto.com is introducing a Worldwide Account Protection Program (WAPP) to help restore trust with customers. The WAPP will go live in select markets on February 1, and will allow eligible customers to get reimbursed for up to $250,000 in the case of another theft. Eligible customers will need to enable multi-factor authentication for all transactions, establish an anti-phishing code, and file a police report in the wake of the event. They also need to fill out a forensic questionnaire, and cannot be using a jailbroken device to access their account.

According to Marszalek, Crypto.com will eventually make MFA (rather than 2FA) the default security standard for the platform, though it is unclear when that transition will take place. In the meantime, the company has enlisted third-party security firms to investigate its security posture.

Multiple cryptocurrency exchanges have implemented biometric onboarding and authentication in the past few years. Most notably, Emirex and Impily have partnered with iDenfy, while Simplex and Bitex recently partnered with Onfido.

Sources: TechCrunch, Wired
