Crypto.com restores withdrawals after reported $15M ETH hack

Crypto.com restores withdrawals after reported $15M ETH hack

Prominent cryptocurrency exchange Crypto.com briefly froze withdrawals for customers this week as it investigated a possible US$15 million theft. The company later posted that withdrawals had been restored and “all funds are safe.”

Crypto.com first brought attention to the problem on January 17, 2022, but did not comment if any funds were stolen.

Anecdotal accounts posted on Twitter claimed thefts of ETH and BTC, some from accounts with 2FA (two-factor authentication) enabled. However, we should note that reports of exchange hacks are often met with such claims, which are difficult to verify individually.

Users also reported having to reset their 2FA settings following the incident, and some were still reporting problems as of late yesterday.

Blockchain security and analytics firm PeckShield Inc. later claimed that a theft of roughly 4.6K ETH took place. Those ETH units, according to its analysis, were being “laundered” in 100 ETH amounts through Tornado.Cash—a coin mixer offering “non-custodial anonymous transactions on Ethereum”.

Crypto.com is famous more for its efforts promoting its brand than for its history as a digital asset exchange. The owners of Asian debit card company Monaco purchased the sought-after domain name in July 2018 for an undisclosed sum (though believed to be in the eight-figure range).

It has hired Hollywood celebrity Matt Damon as the face of its promotional campaign and sponsored a number of top-level professional sports teams and leagues in the U.S., Canada, and Europe—as well as signing sponsorship deals with UFC and Formula One. Most notably, it purchased stadium naming rights to the former Staples Center in Los Angeles, which is now known as the Crypto.com Arena.

The exchange also has an NFT marketplace that features celebrity sportsperson-endored “drops” as well as the usual art-series collectibles.

The very-profitable digital asset exchange business and its security issues

The story, if all the reported events above are true, highlights a number of issues with today’s digital asset exchanges.

The first is the most obvious one: no matter how professional in appearance, all exchanges are vulnerable to thefts and other security problems. These can come from external hacks directly on company wallets or on individual users’ wallets via “phishing” attacks or may be “inside jobs” from malicious employees. Exchanges are rarely transparent and provide few details of what, if anything, occurred.

Similar to the above, another issue concerns the efforts by exchanges to brush security issues under the rug as quickly as possible, with little fanfare. Even when multi-million-dollar losses are reported by users and analytics firms like PeckShield, exchanges frequently follow a theft claim with a simple “your funds are safe”—with no explanation as to how losses were covered. Binance‘s “funds are SAFU” (after the name of the company’s in-house security program) has become a social media meme after exchange withdrawals go offline for a period.

If theft of digital assets worth eight-figures or more actually happened, how are these losses covered? One explanation is that big financial backers step in to cover with actual funds or reserves, and consider it one of the costs of doing business (or a loan). There’s also the possibility that losses may be covered with a stablecoin such as Tether—which seems to have no upper issuance limit—and paid back from future exchange profits. Some exchanges also claim to have insurance. Since most exchange accounts don’t have FDIC insurance like banks, these would be private deals.

Given that an overwhelming percentage of the digital asset and blockchain industry’s economic activity revolves around speculative asset trading, exchanges are the most profitable businesses to operate. Bloomberg reported in 2018 that exchanges were raking in US$3 million or more per day from trading the thousands of different digital assets on today’s markets. Four years and exponential booms in prices and assets available, that number is likely far higher.

Therefore, a $15 million loss that would’ve been a massive story half a decade ago can be covered by a major exchange without much fuss. It’s a sign that the blockchain industry, which launched with promises to “free the market, free the world” and to create a new global economy, still remains very focused on getting rich quick and cashing out in fiat currencies like USD, CNY and JPY—rather than creating any real-world economic value.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—a from BitMEX to BinanceBitcoin.comBlockstreamShapeShiftCoinbaseRipple,
EthereumFTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]