After releasing hints of the final numbers during the week, Crypto.com issued an official statement on the incident that prompted it to block fund withdrawals for its users.
The company said on Monday that 483 users had been affected by unauthorized cryptocurrency withdrawals from their accounts.
“In the majority of cases, we prevented unauthorized withdrawals, and in all other cases, customers were fully reimbursed,” the company points out. “The unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in various cryptocurrencies. »
Mandatory two-factor authentication
At the time of writing, the amounts stolen in ether were slightly lower at $14 million and $17 million in bitcoin. In total, the amount is around $31 million, depending on the volatility of cryptocurrency prices from day to day.
Crypto.com says it saw transactions occur early Monday morning UTC, on accounts where users’ two-factor authentication (2FA) was not enabled.
“Crypto.com revoked all 2FA tokens from customers and added additional security hardening measures, which required all customers to re-login and configure their 2FA to ensure only authorized activities would occur . The downtime of the withdrawal infrastructure was approximately 14 hours,” the company says. “Out of an abundance of caution, we have migrated to an entirely new 2FA infrastructure. »
Reinforced access conditions
The company adds that it has implemented a new policy that the first withdrawal to a whitelisted address must wait 24 hours, as well as a program to reimburse users up to $250,000 if unauthorized withdrawals are made. and certain conditions are met.
These conditions include enabling multi-factor authentication for all transactions, creating an anti-phishing code at least 21 days before unauthorized withdrawal, not using a jailbroken phone, depositing a complaint to the police and sending a copy to the company, as well as the answer to a “questionnaire to support an investigation”.
“Terms and conditions may vary by market, depending on local regulations. Crypto.com will make the final decision regarding eligibility and approval of applications,” the company adds.
Source: ZDNet.com