Crypto.com, one of the leading cryptocurrency exchanges, experienced an incident on January 17 when some of its users reported strange activity on their accounts. The exchange acknowledged the event and conducted an investigation immediately afterwards, stating that all funds were safe. However, reports from security and blockchain audit firms Certik and Peckshield indicate that some funds have been withdrawn from exchange wallets.
Crypto.com Suspends Withdrawals After Suspicious Activity Reported
Crypto.com, a cryptocurrency exchange, suspended normal withdrawal operations after customers report suspicious activity on their accounts. In its first statements, the exchange told clients that all funds were safe. The reports led to improved security measures being applied to access accounts, with all customers having to log back into their accounts. Additionally, two-factor authentication (2FA) for all accounts had to be reset.
Some customers complained of not being able to reset their two-factor authentication keys, and others said they were unable to access the exchange accordingly. After the exchange resumed withdrawals, Kris Marszalek, CEO of Crypto.com, reported on what happened, stating that the total downtime of the withdrawal infrastructure was around 14 time. The exchange has introduced a new security measure: customers will not be able to opt out of whitelisted addresses within the first 24 hours after registering on the platform.
Marszalek reiterated that no user funds were lost and that the company would offer a full post-mortem after its investigation.
Blockchain audit firms report otherwise
While Crypto.com has repeatedly stated that no user funds are affected, there are conflicting statements on the matter. Certik and Peckshield, two security and blockchain auditing firms reported otherwise. Shield declared the exchange had lost $15 million, or 4.6,000 ETH during the event, and half of those funds were being laundered using Tornado.cash, an anonymity-based protocol that allows users to carry out private transactions.
Certik, another audit firm, substantiated Peckshield’s report, noting that the funds were being sent to Tornado.cash. More importantly, Certik informed followers, he had compiled a list of addresses of users who would have been affected by the event, and the number of ether subtracted from each of those accounts. The company said 282 accounts were affected.
The cause of the event is still unknown. Neither Peckshield nor Certik have conclusively stated what happened, and Crypto.com is still conducting an internal investigation into the matter at the time of writing.
What do you think of the suspicious activity experienced by Crypto.com customers? Tell us in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons
Warning: This article is for informational purposes only. This is not a direct offer or the solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.