The CEO of cryptocurrency exchange Crypto.com, Kris Marszalek, has finally confirmed that hundreds of user accounts were indeed compromised by hackers and money stolen as a result, although details about the exact method of breach remain unclear.
Marszalek acknowledged the hack in an online interview with Bloomberg Wednesday, stating that about 400 customer accounts had been compromised. He also told Bloomberg that he had not receiving coverage from regulators since the attack was first revealed, but would share information if an official investigation was made.
Past statements by Marszalek and other communications from Crypto.com have been criticized for being vague and unclear. Company official messages referred to a security incident, and an early Twitter post only mentioned that a small number of users “report suspicious activity on their accounts.”
Marszalek followed suit by tweeting that “no customer money was lost” — a statement some commentators interpreted as meaning the exchange would take the financial hit rather than pass it on to customers.
Some thoughts from me over the past 24 hours:
– no customer money has been lost
– the downtime of recording infra was ~14 hours
– our team has hardened the infrastructure following the incident
We will share a full post mortem after the internal investigation is complete.
— Kris | Crypto.com (@Kris_HK) January 18, 2022
Shortly afterwards, security firm PeckShield posted a tweet claiming that Crypto.com’s losses were in reality was about $15 million in ETH and were sent to Tornado Cash to be ‘washed’. Tornado Cash is a cryptocurrency privacy tool known as a “mixer” that can hide the final destination of the ether being sent in it: a service that is used legitimately, but can be easily used to collect the proceeds of theft and other to launder crypto-related crime.
The Crypto.com exchange has become one of the most recognizable brands in the cryptocurrency world thanks to a number of prominent sponsorship deals with sports teams, most notably a $700 million deal that renamed the Los Angeles Lakers Stadium – formerly known as the Staples Center. — to the Crypto.com Arena.
The exchange has also entered into agreements with the UFC Fight League, the Philadelphia 76ers NBA team, the NHL’s Montreal Canadiens and, most recently, with the Australian Football League, deals worth a staggering $1.5 billion in sponsorship.
As the size and user base of the cryptocurrency industry continues to grow, exchanges remain some of the most valuable targets for hackers to compromise. According to NBC News, there were more than 20 exchange hacks where the hacker escaped with over $10 million at a profit over the course of 2021, with six cases exceeding $100 million.