Crypto.com Withdrawals Triggered

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 16:35, 30 March 2023 by Azoundria (talk | contribs) (https://twitter.com/kris/status/1483277350683185155 added to the article, down to 8 sources left to explore.)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Crypto.com

Crypto.com is based in Singapore and one of the largest cryptocurrency exchanges globally. A vulnerability allowed an attacker to trigger withdrawals without completing the 2FA checks which were intended to be necessary for a withdrawal.

After the initial confusion, the company eventually admitted what had happened and has since appeared to compensate all users. The 2FA system has been upgraded. They've also introduced some additional coverage (APP program) where they may cover up to $250k of losses.

[1][2][3][4][5][6][7][8]

About Crypto.com

Crypto.com is a Singapore-based exchange[9] which was founded in 2016[10]. As of November 23rd, 2021, the platform had over 300 employees[9] and served over 10 million customers worldwide[9][10][11].

"CRYPTO.COM EXCHANGE. Trade with confidence on the world’s fastest and most secure crypto exchange." "The World’s Fastest Growing Crypto App" "Buy crypto at true cost. Buy and sell 250+ cryptocurrencies with 20+ fiat currencies using bank transfers or your credit/debit card." "Join 10m+ users buying and selling 250+ cryptocurrencies at true cost. Spend with the Crypto.com Visa Card and get up to 8% back. Grow your portfolio by receiving rewards up to 14.5% on your crypto assets."

Crypto.com shares a strong brand vision for their platform[12].

"Powered by cryptocurrency, the future of the internet: Web3 will be more fair and equitable, owned by the builders, creators and users. You." "We believe it is your basic right to control your money, data and identity."

Like most platforms, they have a full page on their security policies and procedures[13].

"Security First. Always." "Our commitment to our customers is built on trust. We believe that security and data privacy are the foundations of achieving mainstream cryptocurrency adoption."

Crypto.com had recently been pushing hard into the US market with viral advertising stunts including actor Matt Damon, and a $700 million purchase of the naming rights to the Los Angeles Lakers and Clippers Arena[9][14][15]. Crypto.com also has official deals with Formula 1[16], the UFC, with the NBA, with the Philadelphia 76ers, with the NHL, with the Montreal Canadiens, and the Australian Football League[9].


On November 23rd, 2021, Crypto.com announced their SOC 2 compliance. Jason Lau, Chief Information Security Officer of Crypto.com, made a statement at the time[10].

“Crypto.com is a leader in security and compliance, including our recent SOC 2 announcement, Crypto.com [recently became] the First Cryptocurrency Platform to Achieve SOC 2 Compliance, ISO27001, ISO27701, PCI:DSS 3.2.1 (Level 1), and Highest “Adaptive” maturity levels for the NIST Cybersecurity Framework and NIST Privacy Framework." Crypto.com "successfully completed the Service Organization Control (SOC) 2 Audit, conducted by globally recognized audit and consulting firm Deloitte, which affirms that Crypto.com’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, confidentiality and privacy."

The Reality

Despite the strong regulatory and security focus, the Crypto.com platform still contained a vulnerability which allowed new withdrawal addresses to be whitelisted without authorization[9][15]. Full details on the nature of this vulnerability are not publicly known[15].

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

Crypto.com suffered a breach where cryptocurrency was withdrawn from multiple customer accounts[9][15].

"On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts."

"Several users of [the] exchange endorsed by Matt Damon in a notorious viral ad complained over the weekend that their funds on the platform had been stolen. Confusion has reigned since then, as the company said no customer funds were stolen in what it vaguely referred to as an “incident" in communications." Complaint had initially only "been met with vague responses from the company".


"On Monday, 17 January 2022 at approximately 12:46 AM UTC Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user. This triggered an immediate response from multiple teams to assess the impact. All withdrawals on the platform were suspended for the duration of the investigation."

"On Monday, reports emerged that Crypto.com had halted withdrawals "after a small number of users" experienced suspicious transactions on their accounts. The cryptocurrency exchange has since resumed withdrawals and confirmed that its users' money was "safe," but reports emerged later that it had lost 4.6K ETH ($15 million) and was being laundered using Tornado Cash." "PeckShield claimed in the tweet that about half of the funds were being sent to Tornado Cash to be “washed.” Tornado Cash says it provides “non-custodial anonymous transactions” on the Ethereum blockchain, meaning it can hide where crypto is being sent."


Key Event Timeline - Crypto.com Withdrawals Triggered
Date Event Description
January 16th, 2022 5:01:00 AM MST Bitcoin Withdrawal Transaction A large bitcoin withdrawal of 52.55312294 bitcoin is noted originating from Crypto.com[17][18].
January 16th, 2022 5:46:00 PM MST Risk Monitoring System Detection "Crypto.com’s risk monitoring systems detected unauthorized activity on a small number of user accounts where transactions were being approved without the 2FA authentication control being inputted by the user"[19][20].

Crypto.com reports that this "triggered an immediate response from multiple teams to assess the impact"[20].

January 16th, 2022 9:44:00 PM MST Crypto.com Reports Suspicious Activity Crypto.com posts on Twitter to report that "a small number of users" are "reporting suspicious activity". They state they will be "pausing withdrawals shortly" and that "[a]ll funds are safe"[21].
January 16th, 2022 11:53:00 PM MST Reports Unable To Withdraw Funds Twitter user Dr. Peter Wong reports being unable to withdraw funds from the Crypto.com website[22].
January 17th, 2022 6:14:00 PM MST Peckshield Reports Stolen Ethereum Peckshield posts on Twitter that the total loss is about $15M with at least 4.6K ETHs. They also report that half of the stolen ethereum is being washed via the TornadoCash service[23].
January 17th, 2022 8:17:00 PM MST Kris Marzalek Publishes Tweet Crypto.com CEO Kris Marzalek publishes a tweet with "thoughts from me on the last 24 hours", including that "no customer funds were lost ", "the downtime of withdrawal infra [structure]was ~14 hours", and "our team has hardened the infrastructure in response to the incident"[24]. He's "particularly happy" about "the support we received from the community both publicly and in DMs" and "the opportunity this incident gave us to further strengthen our setup"[25]. (TBD Publish more on the community reactions.)
January 17th, 2022 11:38:00 PM MST BeInCrypto First Article (TBD)
January 17th, 2022 8:46:00 PM MST Investigation Started Withdrawals Disabled According to the Crypto.com postmortem, "withdrawals were resumed" at "5:46 PM UTC, 18 January 2022," after 14 hours of downtime[20]. In his interview on Bloomberg TV, CEO Kris Marzalek stated "we paused withdrawals, we fixed it [and] we were back online in about 13/14 hours"[26][27]. His statement on Twitter says "~14 hours"[24]. Based on a simple calculation, that puts the time of withdrawals being disabled close to 3:46 AM UTC on January 18th.

Crypto.com also reports that "withdrawals on the platform were suspended for the duration of the investigation"[20], which suggests that their investigation was also started at this time, which would be approximately 25 hours after initial identification by the risk monitoring system.

January 18th, 2022 1:36:00 AM MST 2FA Reset Reported Twitter user Saint_Pump reports that he was logged out of the Crypto.com application and asked to set up 2FA[28]. It's unclear if this was a result of the hack or part of the 2FA reset procedure initiated by Crypto.com.
January 18th, 2022 10:46:00 AM MST Withdrawals Enabled Again According to the Crypto.com postmortem, "withdrawals were resumed" at this time, after 14 hours of downtime[20].
January 18th, 2022 1:44:00 PM MST ErgoBTC Reports Stolen Bitcoin Twitter user ErgoBTC references the previously reported 4.6k ETH from the Crypto.com breach and reports an additional 444 BTC in suspicious withdrawals also appearing to be withdrawn from Crypto.com. The tweet chain includes a reference to the large bitcoin withdrawal transaction[29][30], an analysis on the path of the funds being laundered[31][32], and other users of the same tumbler services[33]. They note that while there is still no public acknowledgement released by Crypto.com[34], Crypto.com appears to be making customers whole[35].
January 19th, 2022 8:28:00 AM MST BeInCrypto Article Released BeInCrypto releases an updated article on the situation, which includes some backstory and information about the additional withdrawal of bitcoin which was uncovered by ErgoBTC[36].
January 19th, 2022 9:38:00 AM MST Bloomberg Live Interview Completed Crypto.com CEO Kris Marszalek discussed the hack in an interview on Bloomberg Live[27].
January 19th, 2022 10:15:00 AM MST TheBlock Article Released An article is released on TheBlock in which the CEO of Crypto.com addresses the hack[26].
January 19th, 2022 3:07:59 PM MST CoinTelegraph Article Released An article released on CoinTelegraph "3 HOURS AGO" provides a loss estimate of $33m. It mostly repeats the information in ErgoBTC's post. CoinTelegraph reports that they reached out to Crypto.com but did not receive any response as of their publishing time[37].
January 20th, 2022 1:24:07 AM MST Crypto.com Releases Post-Mortem Crypto.com releases a post-mortem on their website prior to 1:24:07 AM[20]. The post-mortem calls the situation "the 17th of Jan security incident", which triggered "an immediate response from multiple teams", and confirms that "withdrawals on the platform were suspended for the duration of the investigation". It totals the amount lost, provides a rough timeline of some key events, and announces their new "Worldwide Account Protection Program (WAPP)" program[20].
January 20th, 2022 6:13:00 AM MST ErgoBTC Reports PostMortem Researcher ErgoBTC reports on the Crypto.com post-mortem[38].
January 20th, 2022 7:38:47 AM MST Crypto.com Fixes Post-Mortem Title The original post-mortem failed to have a title[20], which Crypto.com subsequently fixed with an update that happened at some point between 5:38:21 AM MST[39] and 7:38:47 AM MST[40].
January 20th, 2022 11:13 AM MST TechCrunch Article Released TechCrunch releases their article covering the breach with information from Crypto.com's post-mortem report[15].
January 20th, 2022 7:00:37 PM MST Crypto.com Renames Protection Program The original post-mortem announced a protection program called WAPP (Worldwide Account Protection Program)[20][41]. A subsequent updated between 0:59:54 UTC and 2:00:37 UTC renamed this program to APP (Account Protection Program)[42].
January 21st, 2022 3:27:09 AM MST Currencies Typo Fixed The post-mortem is once-again revised, this time to correct a typo where the original post-mortem stated that "approximately US$66,200 in other currencies" were lost[20][43], as opposed to the proper wording of "approximately US$66,200 in other cryptocurrencies"[44].
January 21st, 2022 4:15:01 PM MST Andrei Jikh Video Uploaded Well known YouTuber Andrei Jikh uploads a video about the breach. In this video, he indicates that the funds are presently being laundered through TornadoCash[9].
January 26th, 2022 1:22:00 PM MST Zaky Not Reimbursed Twitter user Zaky reports that they were not reimbursed[45][46].
February 18th, 2022 10:12 AM MST Scott Weaver Not Reimbursed Twitter user Scott Weaver reports still having not received any reimbursement for his lost funds[47][48].

Total Amount Lost

There is a slight deviation in the amount of loss reported over time from various sources, as well as the total balance.

Reported Losses By Source
PeckShield[23] ErgoBTC[34] CoinTelegraph[49] Crypto.com[20] TechCrunch[15] Andrei Jikh[9]
Date Jan 16th Jan 18th Jan 19th Jan 20th Jan 20th Jan 21st
Ethereum 4600 ETH 4600 ETH 4600 ETH 4836.26 ETH $15 million USD 4836 ETH
Bitcoin 444 BTC 444 BTC 443.93 BTC $19 million USD 443 BTC
Other $66,200 USD $66,200 USD
Customers 483 400
Total $15 million USD $33 million USD $34 million USD $30 million USD

"The incident affected 483 Crypto.com users. Unauthorised withdrawals totaled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies."


The total amount lost has been estimated at $34,358,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

Crypto.com's CEO later appeared on Bloomberg TV and explained the reaction.

The last 48 hours activity. What happened here? What was behind this hack?

Alright, so, first and foremost, umm, we invest very heavily in cybersecurity. We have over 200 professionals, around the world whose collectively spent the last few years building a very robust infrastructure. And we call it defense in depths. There are multiple layers, and in this particular incident, some of these, uhh, layers were breached, which resulted in about, 400 accounts, umm, having unauthorized transactions, alright. We very quickly stopped it. We paused withdrawals. We fixed it. We were back, umm, online, in about 13/14 hours, and during the same day all the accounts that were affected very fully reimbursed, so there was no loss of customer funds. Uhh, obviously, you know, it's a very great lesson, and, uhh, I mean we are continuously strengthening our infrastructure.

One outside analyst estimates $15 million dollars was lost. I saw another estimate as high as $33m. Can you give us a number?

Alright, we are still working on a post-mostem for the incident, and it's gonna be posted on, uhh, on our blog, in the next couple of days. Uhh, so I'll, uhh, leave the final numbers, till, umm, till that report. And, in any case, uhh, one has to remember that, given the scale of the business that I have, these numbers are not particularly material, and customer funds were never at risk.

So, I'm curious. Traders reported being suspicious.

“We very quickly stopped it, we paused withdrawals, we fixed it [and] we were back online in about 13/14 hours and during the same day, all the accounts that were affected very fully reimbursed, so there was no loss of customer funds,” Marszalek stated, during the interview.


"Crypto.com first paused withdrawals on its platform on Sunday after noting via Twitter that a “small number of users [are] reporting suspicious activity on their accounts.” It also asked customers to reset their two-factor authentication out of “an abundance of caution.”" "The company then reassured users numerous times in its communications that customer funds were safe, drawing speculation that Crypto.com would cover any customer losses incurred." "The site suspended all withdrawals for 14 hours to investigate the issue."

"The company “revoked all customer 2FA tokens and added additional security hardening measures” before asking customers to log back into the platform and set up their 2FA tokens again, the company says. The additional measures include a mandatory 24-hour delay between registration of a new withdrawal address and the first withdrawal, so users will be notified and have “adequate time to react and respond” by contacting the Crypto.com team if the withdrawal appears to be unauthorized."

"ErgoBTC tweeted on Tuesday suggesting that another 444 BTC ($18.5 million) had been stolen from Crypto.com's payout wallet. ErgoBTC said that OXT Research discovered a suspicious transaction of 52.55 BTC ($2.18 million) from Crypto.com's custodial wallet."

"Following the transaction, “several hundred withdrawals” were made which were then combined into four outputs worth 67.75 BTC ($2.81 million) each, as per ErgoBTC. The four batches amounted to 271 BTC ($11.25 million), all of which were laundered via Bitcoin tumbler— a service that allows customers to combine several transactions and make it more difficult for investigators to trace Bitcoin transfers." "The Bitcoin tumbler allegedly utilized by the alleged perpetrators to wash the 271 BTC is a well-known tool employed by the North Korean cybercrime syndicate, Lazarus."

"The total losses, worth over $34 million at current cryptocurrency values, are even higher than what analysts had predicted before Crypto.com released its statement."

"According to ErgoBTC, the criminals behind the Crypto.com security breach also controlled another address holding 172.9 BTC ($7.25 million). Blockchair data reveals that the address received the funds at about the same time as the other transactions linked to the Crypto.com hack. However, as of the publishing of this article, the purported hacker has not transferred the funds through a bitcoin tumbling service yet."

"Any accounts found to be impacted were fully restored. Crypto.com revoked all customer 2FA tokens, and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours, and withdrawals were resumed at 5:46 PM UTC, 18 January 2022." "In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure."

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Kris Marszalek, Co-founder and CEO of Crypto.com, released a statement on the post-mortem[20].

“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defence-in-Depth security and protection measures, While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind.”

Ultimate Outcome

Customers Reportedly Made Whole

Crypto.com reportedly made all customers whole[9][15][35][50]. However, several customers have publicly reported not receiving back anything[45][46][47][48][51].

They have not even come close to paying back all funds. To this date I have yet to get back anything. All I get everyday is the same BS...please send picture of you holding a sign with today[']s date. I have been doing this for over a month with nothing. They took everything.

Lost my crypto money still can’t long in

Me too...em[ai]l was swapped and they play with us stupid game that we use wrong email. Yes we are stupid cows[. W]e cant remember email.

Funds Laundered Through TornadoCash

Stolen funds were laundered through TornadoCash[9].

Crypto.com Strengthening Security

"Crypto.com introduced an additional layer of security on 18 January 2022 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal. Users will receive notifications that withdrawal addresses have been added, to give them adequate time to react and respond. The notification message provides useful reminders and instructions on contacting our team if the address whitelisting was unauthorized."

"The company conducted an internal audit and engaged third-party security firms to check its platform after the breach, it says. It announced its plans to transition away from 2FA and to “true multi-factor authentication” to bolster security, though it did not provide an expected timeline for this change."

"Full audit of the entire infrastructure has been conducted internally with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services."

"Crypto.com will be releasing additional end-user security features as we move away from 2-Factor Authentication and to true Multi-Factor Authentication (MFA), providing added strength for our global user base."

Account Protection Program

"Crypto.com is introducing the worldwide Account Protection Program (APP). APP offers additional protection and security for user funds held in the Crypto.com App and the Crypto.com Exchange." "APP restores funds up to USD$250,000 for qualified users; terms & conditions apply." "Crypto.com will make the final determination of eligibility requirements and approval of claims. APP will begin rolling out in select markets starting 1 February 2022."

According the TechCrunch, the program is called WAPP (WorldWide Account Protection Program). They summarized the terms and conditions for users[15].

Crypto.com also announced in its statement today that it will be introducing the Worldwide Account Protection Program (WAPP) in select markets” starting on February 1, a program that will restore funds up to $250,000 for “qualified users” in cases where an unauthorized withdrawal occurs. To qualify for the program, users must enable multi-factor authentication on all transaction types where it is available, set up an anti-phishing code at least 21 days prior to the reported unauthorized transaction, file a police report and provide it to Crypto.com, complete a questionnaire to support a forensic investigation, and not be using a jailbroken device, according to the company.

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

"Crypto.com CEO Kris Marszalek said around 400 customer accounts have been compromised in a hack in an interview with Bloomberg TV on Wednesday." "Marszalek did not share details on how the breach occurred during the interview, though he did confirm that Crypto.com had reimbursed all the impacted accounts." "The exchange said that in most cases it “prevented the unauthorized withdrawal,” and added that in the other cases it reimbursed customers for their losses."


The total amount recovered has been estimated at $34,358,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

“Obviously, it’s a great lesson, and we are continuously strengthening our infrastructure.”

Prevention Policies

There were no customer losses in this case, as the funds which were able to be stolen were a very small fraction of the available funds on the platform. The original loss could have been prevented by using cold storage and requiring multiple signatures on withdrawals. Even within the hot wallet infrastructure, there are opportunities to add additional factors, which make it exponentially harder for an adversary. While the APP is a great program, the decisions about coverage are subject to Crypto.com, which has an incentive only to cover smaller losses, where the value of the customer relationship and/or reputation damage is greater than the amount lost. An inustry insurance fund would act in a more impartial capacity.

References

  1. Crypto.com Says Alleged $15 Million Hack Was Just an 'Incident' (Jan 23, 2022)
  2. Crypto.com Admits $35 Million Hack (Jan 23, 2022)
  3. Crypto.com admits over $30 million stolen by hackers - The Verge (Jan 23, 2022)
  4. Crypto.com shares details on security breach: 483 accounts compromised (Jan 23, 2022)
  5. @cryptocom Twitter (Jan 23, 2022)
  6. @cryptocom Twitter (Jan 23, 2022)
  7. https://www.cnbc.com/2022/01/18/news-peckshield-says-15m-lost-on-cryptocom-tesla-accepts-doge.html (Jan 23, 2022)
  8. Rekt - Crypto.com - REKT (Feb 8, 2022)
  9. 9.00 9.01 9.02 9.03 9.04 9.05 9.06 9.07 9.08 9.09 9.10 $30 MILLION CRYPTO STOLEN - YouTube (Jan 21, 2022)
  10. 10.0 10.1 10.2 Crypto.com The Most Secure Crypto Platform Worldwide Adds SOC 2 Compliance (Jan 23, 2022)
  11. Crypto.com Homepage (Jan 22, 2022)
  12. Crypto.com About Page (Jan 22, 2022)
  13. Security - Industry-Leading Security Infrastructure | Crypto.com (Mar 13, 2023)
  14. Crypto.com CEO admits hundreds of customer accounts were hacked - TechCrunch
  15. 15.0 15.1 15.2 15.3 15.4 15.5 15.6 15.7 2FA compromise led to $34M Crypto.com hack – TechCrunch (Jan 22, 2022)
  16. Formula 1 announce Crypto.com as inaugural global partner of the F1 Sprint series | Formula 1 (Jan 22, 2022)
  17. 52.55312294 Bitcoin Withdrawal Transaction From Crypto.com - OXT Research (Jan 23, 2022)
  18. 52.55312294 Bitcoin Withdrawal Transaction From Crypto.com - Blockchain.com (Mar 16, 2023)
  19. Crypto.com Security Report & Next Steps - Crypto.com (Jan 23, 2022)
  20. 20.00 20.01 20.02 20.03 20.04 20.05 20.06 20.07 20.08 20.09 20.10 20.11 Crypto.com Security Report & Next Steps - Crypto.com - Jan 20, 2022 (Mar 20, 2023)
  21. Crypto.com - "We have a small number of users reporting suspicious activity on their accounts." - Twitter (Mar 29, 2023)
  22. Dr. Peter Wong - "trying to withdraw money from their site, and it is being repeatedly denied" - Twitter (Mar 29, 2023)
  23. 23.0 23.1 PeckShield - "The @cryptocom loss is about $15M with at least 4.6K ETHs" - Twitter (Jan 23, 2022)
  24. 24.0 24.1 Kris Marzalek - "Some thoughts from me on the last 24 hours" - Twitter (Jan 23, 2022)
  25. Kris Marzalek - "the support we received from the community both publicly and in DMs" - Twitter (Mar 30, 2023)
  26. 26.0 26.1 "Crypto.com CEO acknowledged the hack but said customer funds were not in any danger" "the funds stolen were immaterial to the business" - TheBlock (Mar 16, 2023)
  27. 27.0 27.1 BloombergLive - "CEO @cryptocom’s Kris Marszalek discusses the site's recent hack" Twitter (Mar 22, 2023)
  28. Saint_Pump - "got logged out of the app and then asked to set up a 2fa as if I had never done it" - Twitter (Mar 29, 2023)
  29. 52.55312294 Bitcoin Withdrawal Transaction From Crypto.com - OXT.me (Mar 16, 2023)
  30. ErgoBTC - "We noted this abnormally large withdrawal" - Twitter (Mar 16, 2023)
  31. ErgoBTC - "The 271 BTC then make a series 24 or 25 BTC deposits" - Twitter (Mar 16, 2023)
  32. ErgoBTC - Analysis Of Funds Laundering - OXT.me (Mar 16, 2023)
  33. ErgoBTC - "This tumbler has been commonly used in hacks attributed to the DPRK Lazarus Group" - Twitter (Mar 16, 2023)
  34. 34.0 34.1 ErgoBTC - "Still no acknowledgement of loss, despite large outflows from the custodial wallet" - Twitter (Jan 23, 2022)
  35. 35.0 35.1 ErgoBtc - "Great that crypto dot com appears to be making its users whole" - Twitter (Mar 16, 2023)
  36. Lost Funds From Crypto.com Hack Now Exceed $33M - BeInCrypto (Mar 29, 2023)
  37. Crypto.com breach may be worth up to $33M, suggests onchain analyst (Jan 23, 2022)
  38. ErgoBTC - Crypto.com Post-Mortem - Twitter (May 20, 2023)
  39. Crypto.com Security Report & Next Steps - Jan 20th 12:38:21 PM UTC - Crypto.com (Mar 21, 2023)
  40. Crypto.com Security Report & Next Steps - Jan 20th 2:38:47 PM UTC - Crypto.com (Mar 21, 2023)
  41. Crypto.com Security Report & Next Steps - Crypto.com - January 21st 00:59:54 UTC (Mar 28, 2023)
  42. Crypto.com Security Report & Next Steps - Crypto.com - January 21st 02:00:37 UTC (Mar 28, 2023)
  43. Crypto.com Security Report & Next Steps - Crypto.com - January 21st 08:14:03 UTC (Mar 28, 2023)
  44. Crypto.com Security Report & Next Steps - Crypto.com - January 21st 10:27:09 UTC (Mar 28, 2023)
  45. 45.0 45.1 Zaky - "No they didnt...I am one of them." - Twitter (Mar 22, 2023)
  46. 46.0 46.1 Zaky - "em[ai]l was swapped and they play with us stupid game that we use wrong email." - Twitter (Mar 22, 2023)
  47. 47.0 47.1 Scott Weaver - "I am still without reimbursement..." - Twitter (Mar 22, 2023)
  48. 48.0 48.1 Scott Weaver - "They have not even come close to paying back all funds. To this date I have yet to get back anything." - Twitter (Mar 22, 2023)
  49. Crypto.com breach may be worth up to $33M, suggests onchain analyst - CoinTelegraph (Mar 20, 2023)
  50. Sim1More - "Paying back all funds in full is definitely a great start and @cryptocom did it!" - Twitter (Mar 22, 2023)
  51. Lawrence - "Lost my crypto money still can’t long in" - Twitter (Mar 22, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Crypto.com_Withdrawals_Triggered&oldid=3183"