Crypto.com Suspends Withdrawals Following ‘Unauthorised Activity’ on User Accounts

Crypto.com suspended withdrawals this week after a small number of users reporting suspicious activity on their accounts, claiming “all funds are safe” – but not before security firm Peckshield reported losses amounting to “about US$15 million”.

Several Customers Report ‘Thefts’

The Singapore-based exchange stopped withdrawals on January 17 in response to several “thefts” reported by customers. One of them was Dogecoin (DOGE) founder Billy Markus, who noticed a suspicious transaction pattern on Etherscan.

Several hours later, Crypto.com issued an update advising users were required to sign back into their accounts and reset their two-factor authentication (2FA).

However, crypto enthusiast and jeweller Ben Baller claimed his account had been breached to the tune of 4.28 ETH (about US$15,000). Baller tweeted he had used 2FA to sign back in, so it appears the perpetrators must have bypassed some of Crypto.com’s security features:

At around 16:00 UTC, Crypto.com CEO Kris Marszalek tweeted that final checks were being made prior to withdrawals being resumed within the following hour, reiterating that “all funds were safe”.

Not Your Keys, Not Your Coins

In July last year, exchanges suspended Bitcoin SV (BSV) following double-spending attacks registered on the coin’s network. Developers of the BSV network had identified a wallet address that was linked with a history of illegal activities, including ransomware. The attacker had tried to mask double-spending of coins by causing block re-organisation attacks, which usually occurs when miners work together to remove previously confirmed blocks from the blockchain.

And just last month, centralised US crypto exchange BitMart was hit by one of the most devastating hacks to date, draining a combination of cryptocurrencies. The losses were estimated to be around US$200 million by security firm PeckShield, who – as in this week’s Crypto.com case – picked it up as it was happening.