Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA.
Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees.
The company has confirmed the unauthorized access to wallets belonging to a ‘small number’ of users.
In response to the users’ reports of suspicious transactions, the company temporarily suspended all withdrawals and launched an internal investigation.
The cryptocurrency exchange app now has restored withdrawal services and reassured its users saying that all funds are safe:
The company did not provide details about the attack either the exact amount of stolen funds from the compromised wallets. It is not clear how the attackers were able to bypass two-factor authentication (2FA), if confirmed they have exploited some vulnerabilities in the platform.
Crypto.com users have to monitor their balance and report to the company any suspicious transaction. Experts also recommend enabling both 2FA and Face ID/Touch ID to protect their accounts from unauthorized access.
(SecurityAffairs – hacking, Crypto.com)