Hacker Steals USD 15M from Crypto.com, Say Analysts; Platform Claims User Funds Weren’t Lost

Major crypto platform Crypto.com has lost millions of dollars in crypto in yesterday’s attack, claim analysts, while the platform’s CEO is assuring the public that customer funds have not been lost.
(Updated at 11:25 UTC with a tweet from CEO Kris Marszalek; updates in bold.)

Crypto.com CEO Kris Marszalek tweeted “some thoughts” on Tuesday regarding the event of the previous 24 hours. The first thing he noted is that “no customer funds were lost” in the incident. However, he made no mention of any other funds being stolen.

Meanwhile, blockchain security and data analytics company PeckShield argued that Crypto.com actually lost some USD 15m in the incident. “At least” ETH 4,600 (USD 14.53m) is included in that sum. Half of this, claims the company, is “currently being washed” via decentralized mixer protocol Tornado Cash.

Yet, both Marszalek’s and PeckShield statements could be true at the same time.

Marszalek said that there will be a full postmortem report shared after “the internal investigation is completed,” without providing further details on the incident.

What he did share among his “thoughts” is that the team “hardened” the infrastructure in response to this event, and that “the downtime of withdrawal infra was ~14 hours.”

At 10:17 UTC on Tuesday morning, the CEO tweeted that the platform has re-enabled the whitelisting of new addresses. Furthermore, the team introduced an additional layer of security, Marszalek said: “there is now a 24 hour delay between registration of a new whitelisted address and first withdrawal.”

As reported, Crypto.com said yesterday that it had temporarily suspended withdrawals due to “unauthorized activity” in “a small number” of user accounts. In comments, several users claimed that their accounts had been hacked and their funds stolen.