Mon | Jan 24, 2022 | 6:38 PM PST

Crypto.com, the popular DeFi (Decentralized Finance) site used by millions to trade cryptocurrencies, recently acknowledged a security incident that impacted 483 of its users.

The threat actor(s) behind the incident were able to access these accounts without the 2FA (two-factor authentication) control that would normally be required of users, resulting in some staggering losses for the organization. Unauthorized withdrawals from the 483 accounts totaled 4,836.26 ETH, 443.93 BTC, and $66,200 in "other cryptocurrencies."

Crypto.com described the incident:

"On Monday, 17 January 2022 at approximately 12:46 AM UTC Crypto.com's risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user.

This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation. Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur.

Downtime of the withdrawal infrastructure was approximately 14 hours, and withdrawals were resumed at 5:46 PM UTC, 18 January 2022."

Crypto.com revamps 2FA

Following the incident, Crypto.com looked into how it could improve security moving forward, which includes a "completely new 2FA infrastructure."

It says that all 2FA tokens were revoked in order to ensure the new infrastructure was in effect, and that during this revocation phase, mandatory 2FA policies were placed on the frontend and backend to protect users.

The company also added an extra layer of security with a mandatory 24-hour delay between registration of a new withdrawal address and the first withdrawal. Users will be notified when new addresses are added, allowing them time to respond if the address is unauthorized.
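The two controls described above, a second factor checked on the backend rather than only in the frontend and a 24-hour cooling-off period on newly registered withdrawal addresses, can be sketched as a server-side policy check. The following is an added example written for this article, not Crypto.com's code; it assumes RFC 6238 TOTP as the second factor, and the secret, address names and timestamps are constructed sample values.

```python
"""Illustrative server-side withdrawal policy (added example, not Crypto.com's
code). Models two controls: the withdrawal must carry a second-factor code that
the backend itself verifies, and a newly registered withdrawal address cannot
be used until 24 hours have passed. Secret, addresses and timestamps below are
constructed sample values."""

import hashlib
import hmac
import struct
from dataclasses import dataclass, field

ADDRESS_COOLDOWN_SECONDS = 24 * 60 * 60  # the 24-hour delay described in the article


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; assumed here as the 2FA mechanism."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


@dataclass
class Account:
    totp_secret: bytes
    # withdrawal address -> epoch second at which it was registered
    addresses: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)

    def register_address(self, address: str, now: int) -> None:
        """Registering an address starts its cooldown and notifies the user,
        giving them time to react if they did not add it."""
        self.addresses[address] = now
        self.notifications.append(f"New withdrawal address registered: {address}")


def authorize_withdrawal(account: Account, address: str, code: str, now: int) -> tuple:
    """Backend decision, returned as (allowed, reason). The 2FA check runs here
    regardless of what the client did, so a client that skips the 2FA prompt
    gains nothing."""
    registered_at = account.addresses.get(address)
    if registered_at is None:
        return False, "address not registered"
    if now - registered_at < ADDRESS_COOLDOWN_SECONDS:
        return False, "address still in 24h cooldown"
    # Constant-time comparison; an empty or stale code fails the same way.
    if not hmac.compare_digest(totp(account.totp_secret, now), code):
        return False, "2FA code invalid or missing"
    return True, "ok"


def demo() -> list:
    """Walk through three withdrawal attempts and return the backend's reasons."""
    secret = b"constructed-sample-secret"
    acct = Account(totp_secret=secret)
    t0 = 1_642_380_000  # constructed epoch timestamp
    acct.register_address("addr-A", t0)
    reasons = []
    # 1. one minute after registration, even with a valid code: blocked by cooldown
    reasons.append(authorize_withdrawal(acct, "addr-A", totp(secret, t0 + 60), t0 + 60)[1])
    # 2. after the cooldown but with no code (frontend prompt bypassed): blocked
    t1 = t0 + ADDRESS_COOLDOWN_SECONDS
    reasons.append(authorize_withdrawal(acct, "addr-A", "", t1)[1])
    # 3. after the cooldown with a valid code: allowed
    reasons.append(authorize_withdrawal(acct, "addr-A", totp(secret, t1), t1)[1])
    return reasons


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The point of the second attempt is the one the incident statement makes: the approval decision has to be taken where the code is verified, so removing the prompt on the client side changes nothing on the server.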

To further evaluate the company's security posture, a "full audit of the entire infrastructure" was conducted with multiple improvements to be implemented soon, according to the company.

It also states that it will gradually move away from 2FA to true MFA (multi-factor authentication) as part of its pledge to better protect users.

None of the 483 users affected by this incident experienced a loss of funds.