During the attack on the infrastructure Crypto.com accounts of about 400 users were hacked. The cryptocurrency platform covered the losses of customers, so their funds were not affected, said the company’s CEO Chris Marshalek.
“We stopped it very quickly, froze withdrawals, fixed it and returned online in about 13-14 hours. On the same day, all accounts that were affected received refunds. Therefore, there was no loss of customer funds,” Marshalek said.
On January 17, after customers reported suspicious activity on their accounts, Crypto.com suspended the withdrawal of funds. The company assured that user assets are safe, but PeckShield analysts estimated the damage from the hackers’ actions at more than $15 million.
An OXT Research specialist under the pseudonym ErgoBTC noted that the value of the stolen assets was significantly higher.
He drew attention to the fact that hackers withdrew from the platform not only 4836 ETH, but also 444 BTC (~$18.63 million at the exchange rate at the time of writing). Thus, the total damage may amount to more than $33 million.
ErgoBTC also stressed that the attackers sent all the BTC to the address of the bitcoin mixer, which was used in the past by the hacker Lazarus Group and Darkside.
In a conversation with Bloomberg, Marshalek did not name the exact amount of the stolen funds, but stressed that on a business scale Crypto.com the losses are “not particularly significant.” According to him, the company is still investigating the incident and will publish a report in the next few days.