Crypto.Com Suffered A 2FA Hacker Attack; A First For 2022

by Simon Briggs

After a rough 2021 in which hackers made some successful attacks on crypto exchanges and platforms, the crypto industry wished for a smoother 2022. However, the new year may turn out to be just a clone of 2021.

In the early days of 2022, the crypto industry wished for a smoother year, but Crypto.com became the first major exchange to be hacked. Crypto.com confirmed the attack in the early hours of Monday after users began reporting issues with their accounts. Meanwhile, the case got even further, as some users reported that their balances reported missing cryptocurrencies, with hackers taking all the funds from accounts in certain cases.

Cryptocurrency enthusiasts like Ben Baller also got hacked and left with no access to their accounts.

“I messaged yah guys hours ago about my account having 4.28ETH stolen out of nowhere, and I’m also wondering how they got past the 2FA?”, Baller wrote to Crypto.com.

As the hacking attack intensified, Crypto.com acknowledged the hack, announcing withdrawal pausing on all accounts and that it should resume shortly after an internal investigation finds the root cause of the hack. The exchange, however, noted that only a small number of users were affected by the hack, but the Crypto.com community replied that the hack actually got to a significant number of users.

However, Crypto.com has yet to specify a root cause for the hack, leaving users with no ability to withdraw their funds, and pending withdrawals were left in limbo, unable to complete. Nevertheless, users speculate that hackers bypassed the exchange’s two-factor authentication (2FA). In response, the exchange urged users to reset their 2FA information and log out and log back into the exchange to regain access.

“Earlier today, a small number of users experienced unauthorized activity in their accounts. All funds are safe. In an abundance of caution, security on all accounts is being enhanced, requiring users to: -Sign back into their App & Exchange accounts -Reset their 2FA.”, Crypto.com tweeted.

Meanwhile, as the story unveils to its full extent, the exchange resumed all withdrawal operations, while user funds were safe. However, Crypto.com did not provide any additional information about the hack, the number of stolen funds, or the investigation status.

The attack on Crypto.com marks yet another large-scale hacking attack. Coinbase, one of the leading crypto exchanges to date, suffered from a vulnerability in the SMS recovery process, which gave hackers access to over 6000 user funds. However, the record for the largest ever hacker attack remains the $600 million PolyNetwork attack back in August 2021.

And according to Immunefi, a security firm, 2021 alone marks $2.66 billion worth of cryptocurrencies lost due to hacker attacks, while other security companies estimated that the number is larger, eclipsing $4 billion.