According to a report published by the blockchain security company PeckShield, the attack on popular cryptocurrency exchange’s CryptoCom led to the theft of 4,600 ETH from the platform’s wallet. Simultaneously, the firm claims that no user funds have been lost.
The entire incident began on Monday morning. Crypto.com said through Twitter that they are suspending withdrawals to ensure account security, including the use of two-factor authentication (2FA). This was in response to customer reports of suspected online activity. Several of the exchange’s clients complained that their coins had vanished from their wallets.
Exchange officials initially refused to provide specific information concerning the cause of the disturbing activity, but users began reporting unauthorized withdrawals of funds. These withdrawals were estimated to total several thousand dollars.
Furthermore, there have been reports that 2FA protected accounts have been targeted, and funds covered by additional protection stolen.
Two-factor authentication is a security feature that requires the account holder to authenticate their identity by Google Authenticator, email, or SMS. This is often a dynamic key with a limited validity time. It is available only on previously registered devices, such as a smartphone. This prevents a hacker or other unauthorized individual accessing your account from attempting to log in from another device.
After temporarily halting withdrawals, Crypto.com has opted to reset all of its clients’ two-factor authentication (2FA). As a result, all account holders had to go through resetting their credentials.
The CEO of Crypto.com, Kris Marszalek, announced a few hours later that the team was already in the last run of finding a solution to the problem. He was also pleased with the way his crew handled the incident.
PeckShield also revealed that the attackers had used Tornado Cash to transfer the stolen ethers. This is the so-called ETH mixer, which hides the exchange path. These methods are used to safeguard cryptocurrency uploading sites. However, this technology is sometimes used to launder money from criminal operations, like stealing money from the exchange, Crypto.com.
Read Also: Pavia is the first Cardano-based metaverse