The Crypto.com hack is less than a week old and still very fresh in the minds of investors in the space. In what was a brief attack, the hackers were able to access a portion of users’ accounts on the platform and steal their funds.
In this report, we ask a couple of experts in the crypto security space their thoughts on the hack and what could have led to it. These experts provide insight into the attack, as well as how this reflects on decentralized exchanges when it comes to security and control on the part of the users.
Crypto.com 2FA Breach
It is now a widely known fact that the Crypto.com hackers got in by somehow managing to bypass the 2FA security measures on the site. However, what remains a mystery is how the attackers were able to do this. The exchange itself has not spoken on the mechanism used by these hackers, so we turned to experts in the space to shed light on how this was possible.
Gleb Zykov, the co-founder and CTO of HashEx, a blockchain security company that focuses on smart contract code auditing, shared with Bitcoinist how the hackers could have gotten into the system.
Two-factor authentication (2FA) is a security measure that is triggered when a user logs in, creating a one-time password that matches the one created on the site. 2FA apps are usually on the user’s phone, so only they have access to this code. How then were the hackers able to get in?
Zykov explains that one of the ways to bypass this measure is a trojan. Basically, the attackers compromise users’ devices with a trojan, which then intercepts the user’s credentials. The hacker is then able to log into the user’s account using the intercepted code.
“2FA can be vulnerable as well. The user’s device can be compromised with a trojan. The trojan can intercept the user’s credentials and the one-time password generated on the website. Then it can allow a hacker to log in to the user’s account or monitor the user’s communication with the site,” Gleb Zykov, Co-Founder & CTO, HashEx.
This would mean that individual users’ accounts were compromised as opposed to the exchange’s wallet itself, which is usually the case. The exchange has since asked users to reset their 2FA and log back into their accounts.
CRO trading at $0.472 | Source: CROUSD on TradingView.com
Brian Pasfield, CTO at Fringe Finance, also weighed in on the attack. Pasfield explains that the attackers most likely found a vulnerability in Crypto.com’s security system. “It could even be the encrypted reserve copies needed for the recovery of accounts created by the exchange’s 2FA software,” the CTO noted. This would’ve allowed them to access and steal funds from users’ accounts on the exchange.
At the time of the attack, it was still unclear how much the hackers got away with. This report from Wealthier Today states that around $15 million in ETH was said to be stolen, according to a report from PeckShield. Others have speculated that it was much higher.
Pseudonymous researcher ErgoBTC posted that an additional 444 BTC was said to have been lost in the hack, bringing the total lost to around $33 million. Crypto.com corroborated this figure in a statement on Thursday that said that hackers had indeed made off with over 4K ETH, 443.93 BTC, and about $66K in other currencies.