Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to the Crypto.com investigation report, “On January 17, 2022, Crypto.com learned that a small number of users had made unauthorized withdrawals of cryptocurrencies on their accounts. Crypto.com immediately suspended all token withdrawals to initiate the investigation and remained open 24/7 Work to resolve the issue. No clients suffered loss of funds. In most cases we blocked unauthorized withdrawals and in all other cases clients were fully reimbursed. The incident affected 483 Crypto. com users. Unauthorized withdrawals totaled 4,836.26 ETH, 443.93 BTC and approximately $66,200 in other currencies.” Attack method (per SlowMist): Permission Stolen. Reported loss: $ 34,000,000.
- chain
- —
- protocol
- Crypto.com
- bug_class
- access-control
- date_occurred
- 2022-01-18
- loss_usd
- $34,000,000
- source_id
- sm:crypto-com::2022-01-18