Overall, the unauthorized withdrawals were over $15 million in etherum, $19 million in bitcoins, and $66,200 in “other currencies.”
The platform said late Thursday that on Jan. 17, its risk monitoring systems “detected unauthorized activity on a small number of user accounts where transactions were approved without 2FA authentication checking. entered by the user”.
All withdrawals on the platform were then suspended for the duration of the investigation and all accounts deemed impacted were fully restored.
Crypto.com said it revoked all 2FA tokens from customers and added additional security hardening measures, which required all customers to log in again and configure their 2FA token to ensure only authorized activities would take place.
“No customers suffered a loss of funds. In the majority of cases, we prevented the unauthorized withdrawal, and in all other cases, customers were fully refunded,” the company said.
The company said it introduced an additional layer of security on January 18 to add a mandatory 24-hour delay between registering a new whitelisted withdrawal address and the first withdrawal.
Crypto.com said it is introducing the Global Account Protection Program (APP) which provides additional protection and security for user funds held in the Crypto.com App and Crypto.com exchange.
Previously, Kris Marszalek, CEO of crypto.com, backed by famed Hollywood actor Matt Damon, confirmed that hundreds of user accounts had been hacked and their funds stolen.