Hackers Reportedly Stole $15M From Crypto.com Users

Thieves that hacked Crypto.com earlier this week appear to have made off with $15 million, despite the cryptocurrency exchange claiming that "no customer funds were lost."

Blockchain security and analytics company PeckShield tweeted on Jan. 18 that Crypto.com had been robbed of about $15 million worth of Ether, which was being washed with Tornado Cash, a decentralized smart contract platform that allows users to conduct anonymous transactions on the Ethereum blockchain. PeckShield's comments—which industry analysts, according to Fortune, say are likely to be accurate—came after Crypto.com attempted to downplay the hack and reassure users that none of their funds had been stolen.

Crypto.com Plays Down Hack, Says 'All Funds are Safe'

On Jan. 17, Crypto.com admitted via Twitter that "a small number of users" had reported "suspicious activity" and that it has paused withdrawals to "ensure the safety of users' funds." Then, later that day, the crypto exchange tweeted that it had dealt with the issue, strengthened its security infrastructure, and restored all withdrawal services, adding that "all funds are safe."

Speaking to Bloomberg TV, Crypto.com CEO Kris Marszalek later confirmed that 400 accounts had been hacked during the security breach. Marszalek said the firm immediately paused withdrawals and then fixed the issue, bringing everything back online in "about 13 to 14 hours."

The CEO also hinted that money had been stolen, despite the company previously indicating that no funds had been lost. He said that "all of the accounts that were affected were reimbursed, so there was no loss of customer funds." These comments suggest that the company believes that funds are not lost if whatever is stolen is reimbursed.

Marszalek, who refrained from specifying exactly how much had been stolen, added that more information will follow in the coming days once Crypto.com concludes its investigation.

Analysis Shows That $15 Million Was Stolen

Crypto.com's efforts to reassure users that everything was under control and that the hack hadn't resulted in its customers losing funds was dealt a blow by a tweet from China-based blockchain security firm PeckShield. Contrary to Crypto.com’s line that "all funds are safe," PeckShield revealed that the exchange had actually lost about $15 million of funds. Several Crypto.com users also admitted on Twitter that funds had been stolen from their accounts.

PeckShield's allegations were then reinforced by some industry analysts, including Scott Pounder, head of investigations at Crystal Blockchain, who said, according to Fortune, that blockchain data shows that a "significant sum" was taken from Crypto.com.

Worrying Signs

Crypto.com's apparent willingness to quickly reimburse customers with its own capital will prove reassuring to users, as will moves made by the exchange to bolster its security. The same cannot be said for the company's repeated insistence that "all funds are safe." This somewhat misleading statement threatens to hurt Crypto.com's reputation and undo some of the progress made by last year's expensive marketing drive.

Still, Crypto.com is not the only victim of digital scammers. These exchanges are susceptible to theft, even when there's decent security in place. In 2021, cryptocurrency hackers stole $14 billion, according to data and blockchain analytics firm Chainalysis, which is 79% more than what they made from scams and thefts in 2020.