The digital asset exchange – CryptoCom – came up with an official statement regarding the latest attack on its platform. The company revealed that the incident affected nearly 500 people, but they were fully refunded.
The Saga Had a Happy End
In its most recent report, CryptoCom disclosed that it first found out about the issue in the early hours on Monday (January 17). The monitoring systems of the trading venue detected unauthorized activity on a small number of user accounts where transactions were approved without the necessary 2FA authentication, the announcement reads.
Consequently, the team suspended withdrawals of all tokens and initiated an investigation. As CryptoPotato reported a few days ago, the firm also addressed the community about the attack.
In the aftermath, CryptoCom announced that the perpetrators affected 483 users. Nonetheless, none of them experienced a loss of funds as the company either prevented the suspicious transactions or fully reimbursed the customers.
Subsequently, the company stated that the unauthorized withdrawals totaled 4,836.32 ETH, 443.93 BTC, and around $66,200 in other digital assets. Converted in US dollars, the total amount equals almost $34 million (calculated by today’s prices).
CryptoCom’s Security Policy
Shortly after identifying the issue, CryptoCom migrated to an entirely new Two-Factor Authentication (2FA) infrastructure. The company reminded that it has mandatory 2FA policies on both the frontend and backend to protect investors during such incidents.
Furthermore, CryptoCom introduced an additional layer of security on January 18, 2022, to add a 24-hour delay between registration of a new whitelisted withdrawal address and first withdrawals.
The platform’s team audited the entire process and connected with third-party security firms, which performed additional checks and initiated threat intelligence services. CryptoCom vowed to provide more security features once it moves to Multi-Factor Authentication (MFA).
Kris Marszalek – Co-Founder and CEO of the trading venue – maintained that the customers’ safety is the highest priority for his firm.
“While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” the executive asserted.
Other Crypto Attacks in the Recent Past
While the cryptocurrency market is an intriguing niche for many investors, those should also be aware of cyber-attacks and hackers who could breach their accounts and holdings.
In August 2021, the interoperability protocol PolyNetwork became a victim of such a bad actor, who drained more than $600 million worth of digital assets. The platform got exploited on Binance Smart Chain as the hacker swiped the funds from at least three wallets. The event became known as the biggest hack in the DeFi space.
However, a few days after the attack, the anonymous perpetrator transferred back most of the funds. He also rejected a $500,000 bounty offer saying he breached PolyNetwork’s security “for fun.”
Towards the end of 2021, Cream Finance – another DeFi protocol – also suffered a cyber-attack. The perpetrators managed to steal over $130 million worth of various cryptocurrencies. Interestingly, this was the third security breach for Cream Finance in 2021 alone.