Paying out over $700 million to change the Staple name, Crypto.com suffered an exploit of roughly $15 million or 4,830 ETH.
With many Crypto.com users reporting unauthorized activity, the company temporarily paused withdrawals on January 17, 2022.
What happened during the Crypto.com hack? What's the company doing to make sure that users' funds are secure moving forward?
What happened during the Crypto.com hack?
As more users started receiving notifications from the cryptocurrency platform regarding unauthorized activity, suspicions of nefarious activity mounted.
According to Peckshield, the blockchain security team, the money got processed through "Tornado Cash"—a mixer to erase the source and destinations of transactions.
Records show that the heist occurred in batches of 100 ETH. During the hack, 40 total transactions got deposited from the hacker and three transactions of 10 ETH, or roughly $31,000, were sent through "Tornado Cash."
How did the Crypto.com hack occur?
So far, there isn't any indication of how the hack occurred, but Crypto.com responded immediately and paused all withdrawals in the wake of the suspicious activity. The company wanted users to know that their capital was safe. Crypto.com announced the reset of all two-factor authentication (2FA) protocols.
While users' funds remain safe, Crypto.com CEO Kris Marszalek didn't clarify whether the exchange was missing any funds. He will address the hack after a thorough investigation is complete.
Many users have voiced their concerns on Twitter. Allegedly, Crypto.com views the $15 million hack as merely an "incident" since no "user-funds" were stolen.
Overall, feelings of confusion and a sense of uneasiness pervade the Crypto.com user community since it isn't clear how the hack occurred. With users apprehensive about what vulnerability triggered the heist, the exchange did reinforce its 2FA.
Do most cryptocurrency hacks have to do with centralization issues?
Crypto pundits advocate for decentralization since it's a pillar in security on the blockchain. However, decentralization doesn't usually fare well when scaling at large, which is often why platforms resort to centralized infrastructure.
According to blockchain and security auditing firm Certifik, in 2021, the most common attack vector in DeFi protocols was the centralized aspects. The firm said, "Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike."
The trilemma for decentralization is the reason some Ethereum users have migrated to other chains and competitors like Solana. However, they're also facing scalability issues.
The data in the Certifik report indicates that roughly $1.3 billion was lost through a single point of failure. Out of the 1,737 contracts the firm audited, there were 286 instances where a contract was susceptible to centralization risks.
CRO, the native token to Crypto.com, has faced downward pressure and is down over 1 percent at the time of writing, according to CoinMarketCap. Despite the latest turn of events, speculation has buyers waiting to load up on the dip.