Cryptocurrency platform Crypto.com has allegedly suffered a security breach of $15 million, blockchain security firm Peckshield reported the latest developments Tuesday.
— PeckShield Inc. (@peckshield) January 18, 2022
According to the on-chain data, the stolen funds 4,600 ETHs were laundered via Tornado Cash, an ETH mixer protocol that offers transaction privacy by breaking the on-chain link between source and destination addresses. While the mixer protocols are used to maintain the privacy of activists or politicians, more often than not they are used to indulge in money laundering.
Peckshield reported that the Ethers were transferred in 48 batches of 100 ETH per transaction and three batches of 10 ETH per transaction between 12:53 AM UTC and 3:00 AM UTC.
The news comes following the reports of unauthorized activities confirmed by some users on January 17. Soon after, the crypto exchange suspended withdrawals to investigate the matter but said at the time that all funds were safe.
We have a small number of users reporting suspicious activity on their accounts.
We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.
— Crypto.com (@cryptocom) January 17, 2022
Crypto.com soon after restored the withdrawal services and reiterated that all the funds are safe. However, after once again receiving reports of suspicious activities in users’ accounts, the exchange asked its users to reset two-factor authentication.
Some thoughts from me on the last 24 hours:
– no customer funds were lost
– the downtime of withdrawal infra was ~14 hours
– our team has hardened the infrastructure in response to the incident
We will share a full post mortem after the internal investigation is completed.
— Kris | Crypto.com (@Kris_HK) January 18, 2022
The exchange is yet to reveal details of the investigation.