Following a security breach on Monday, approximately $33.8 million in crypto assets were stolen from Crypto.com.

The official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts clarifies the Crypto.com security breach saga.

Crypto.com revealed in a statement on Thursday that "4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. According to current market value, the total loss is currently valued at around $33.8 million.

Several Crypto.com users have reported that their money has been stolen as a result of a security breach. However, previous responses from the company had failed to assuage concerns.

According to the official document, Crypto.com's risk monitoring systems detected "unauthorised activity on a small number of user accounts" on Monday at around 12:46 a.m. UTC, where transactions were authorised without the user entering the two-factor authentication (2FA) control.

As detailed in the statement, the exchange then halted withdrawals and revoked all customer 2FA tokens, adding even more security-hardening measures that required everyone to relog in and reactivate their 2FA token before allowing only authorised action. The withdrawal infrastructure was down for 14 hours in total.

To prevent such an accident from happening again, Crypto.com claims to have added an extra layer of security by requiring a new whitelisted withdrawal address to be registered within 24 hours of the first withdrawal.

"Users will be notified that withdrawal addresses have been added, giving them adequate time to react and respond," according to the statement.

On Wednesday, Kris Marszalek, CEO of Crypto.com, told Bloomberg that the exchange had received no communication about the event from regulators. He continued, saying:

"Obviously, it's a great lesson, and we're always working to improve our infrastructure."

Support us!