Bitcoin Security

Crypto.com CEO Confirms Hundreds of Accounts Were Hacked (theverge.com)

An anonymous reader quotes a report from The Verge: The CEO of cryptocurrency exchange Crypto.com, Kris Marszalek, has finally confirmed that hundreds of user accounts were indeed compromised by hackers and had funds stolen as a result, though details of the exact method of breach remain unclear. Marszalek acknowledged the hack in an online interview with Bloomberg Wednesday, stating that around 400 customer accounts had been compromised. He also told Bloomberg that he had not received any outreach from regulators since the attack was first disclosed but would share information if official inquiries were made.

Previous statements from Marszalek and other communications from Crypto.com have been criticized for being vague and unclear. Official messaging from the company referred to a security "incident," and an early Twitter post mentioned only that a small number of users were "reporting suspicious activity on their accounts." Marszalek followed up by tweeting that "no customer funds were lost" -- a statement some commentators interpreted as meaning that the exchange would take the financial hit rather than passing it on to customers. Shortly afterward, security company PeckShield posted a tweet claiming that, in reality, Crypto.com's losses amounted to around $15 million in ETH and were being sent to Tornado Cash to be "washed."

  • by Anonymous Coward

    All my shitcoins lost and regulators doing nothing!

  • Brave? (Score:4, Funny)

    by battingly ( 5065477 ) on Wednesday January 19, 2022 @08:44PM (#62189757)
    I guess security doesn't favor the brave.
  • by bobjr94 ( 1120555 ) on Wednesday January 19, 2022 @08:52PM (#62189777) Homepage
    My CB account was hacked last year. All the precautions followed: 2FA code required to login (from an app, not from text/email), unique PW used only on CB, never opened or clicked link in any emails (fake or real), only used saved bookmark to login. But Coinbase let someone turn off 2FA, log in and send out $3k of my funds. What's the damn point of enabling 'require 2FA' if they let someone just turn it back off? Other sites lock your account or stop transfers for 24-48 hours after disabling security settings, not CB. I no longer use CB, moved to a site that offers better security and keep less funds available to immediate sale/transfer. They and other crypto sites don't care if your money gets stolen, they don't have to repay it like a bank, the transfers are anonymous and no one will investigate. I saw many posts saying Coinbase employees may be partly involved, they are being paid to disable security settings for a percentage of the stolen funds and no one will ever look into it. Law enforcement doesn't even know whose jurisdiction it falls into.
    • by The Evil Atheist ( 2484676 ) on Wednesday January 19, 2022 @10:01PM (#62189931)
      So not hacked.

      Duped. Scammed.

      You opted to convert your regulated and protected assets with a known (if not entirely trustworthy) into unregulated, unprotected assets with people who you don't know, and aren't covered by any regulation or protections.

      You literally signed up for this. You signed up to have no one protect you, because you believe that government is less trustworthy than these people, who plain upfront told you that the reason you should join them is because there is no government there.
      • by gweihir ( 88907 )

        Yep, pretty much this. Banks are heavily regulated to prevent things like this. Coinbase and others profiteering from the scam do the minimal in security they think they can economically get away with.

    • My 2FA access went to shit when I lost access to both the phone and the number associated with it. Google didn't budge and my account ended up following my end of life instructions. Poof gone but what didn't go was all the other accounts linked to it that I also can no longer access but still exist. Not Cool is all I got, we need better control over how our data is handled.
    • Unless you hold your own bitcoin wallet, you're just swapping out one bank with another, less-regulated bank. The real hack was when they made you think this was a good idea. The entire cryptocurrency universe, as it currently exists, is "suspicious activity" end to end.

  • Another crypto hack.

    This just keeps getting better and better.

  • Shocking... (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday January 19, 2022 @08:56PM (#62189785) Journal
    So, yet another case where the crypto-faithful gather to bask in the security of the immutable ledger by actually handling their transactions with the systems of a 3rd rate pseudo-bank; then get cracked wide open because things you do off-blockchain enjoy none of the architectural assurances provided for on-chain activity?

    I will never cease to be amazed at how readily people who are allegedly super excited about cryptocurrencies cash theirs in for some vendor-specific IOUs to obtain a little extra convenience.
    • by tlhIngan ( 30335 )

      Greed really. No one cares to do it properly, they just want in on this get-rich-quick opportunity. They treat it like any other investment account, like for stocks, where you transfer in money and then you buy stocks and leave the stock in your account. You could transfer the stock out into your own possession (you can still get physical stock certificates), but most people keep it in their accounts to save the hassle. Of course, there are strong regulations on this - that stock is your property and remain

      • by Bert64 ( 520050 )

        Running a secure operation is expensive, requires specialised skills and is often inconvenient for users or staff.

        In a small operation where someone security conscious and skilled is near/at the top, they might be able to operate in a fairly secure way. On the other hand in a large organisation there will often be lots of competing interests and inertia even if there are security-aware people present in the organisation.

        Most organisations consider security an unwanted cost, and generally won't want to inves

      • by gweihir ( 88907 )

        Greed really. No one cares to do it properly, they just want in on this get-rich-quick opportunity.

        Indeed. On all sides, including the "exchanges". As they are not regulated, they are doing the cheapest thing possible and they probably steal from their own customers regularly as well. Does not seem to matter, the suckers keep coming.

  • Did they at least get the signs changed before things went to hell?

  • Back when a pizza cost 7 BTC and the price has continued rising it seemed cool. Who would care if someone hacked my 7 BTC @ 1USD/BTC? Nowadays it's all just kind of stupid and wasteful. At least slot machines have moving graphics.

  • It sounds like it's time for crypto.com's spokesman to save the day, again! I just hope that he got back from Mars OK, I know that he ran into problems the last time he was there.

  • That doesn't sound very hidden.
  • Anyone taking payment in the affected cryptocurrencies has to be careful not to take "currencies" of unknown provenance. Because despite what they call themselves, they aren't actually currencies, but assets.

    There's no technical way to change that - it's a legal category, a government has to recognize it as currency for it to be currency in that jurisdiction, no matter its properties.

    Receiving stolen assets leaves you in much hotter water than receiving stolen currency, as far as the jurisdictions I know.

    S

    • Sage advice. I'm willing to help. Anyone offering you any crypto of unknown provenance, I'll gladly take it off your hands.
      • And are you willing to take it at the same price as a freshly mined coin? If you took it at a discount you would be making my point...

        • Send me cheap or free crypto. I'm happy to make your point and make free money.
          • My claim is that in fact not all bitcoin (or ethers, or what have you) are worth the same. Coins with known good provenance should be worth more.

            At least, as long as they aren't both worthless.

            • My claim is that in fact not all bitcoin (or ethers, or what have you) are worth the same. Coins with known good provenance should be worth more.

              At least, as long as they aren't both worthless.

              Oh I'd absolutely agree with that statement. That said, in my particular case my crypto investing is exactly the same as my blackjack investing at a casino. Play with money you don't need and that wouldn't break your heart if you got wiped out. I'm probably one generation too old to believe this is the currency of the future.

  • It's a blatant money laundering outfit. The sole purpose of Tornado is to hide financial transactions from regulators and law enforcement. What legitimate purpose can it possibly have?
