Crypto.com Was under Hacker Attack. All Withdrawals Are Suspended

Their visa card is quite popular here, so just wanted to share the post I saw on reddit just now.

During the night some hackers apparently found a way to bypass password and 2FA and managed to withdraw coins from some users' accounts.

Some users woke up this morning with their balances emptied.

Crypto.com temporarily suspended all withdrawals for all users and it's investigating.

Officially just a few users were affected. Looking at Twitter, it seems a bit more than just a few.

Check your account and if you see any suspect activity, contact the customer support asap!

Crypto.com said that all funds are safe, not sure if they're talking also about people who already lost their coins though.

Official tweet:

We have a small number of users reporting suspicious activity on their accounts. We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.

https://twitter.com/cryptocom/status/1482936866001207296?t=a…

UPDATE: According to a new tweet, the problem is solved but users must log in again and reset their 2FA in order to reactivate withdrawals.

Original post link: https://www.reddit.com/r/CryptoCurrency/comments/s5zcma/cryp…

Comments

  • +13

    Just checked, my $3 is still there

  • Was wondering why I had been logged out. Glad my balance was all there.

  • -1

    Users should always practice safe risk management and keep their assets in cold wallets until they're ready to spend them.

    Cold wallet > Tx to CEX > swap token > spend > Tx leftover tokens to cold wallet

    • -2

      That is like saying you should take your savings out from your bank account and put it into a safe deposit box.

      • +3

        Not quite. Banks have guarantees that if they go bust or lose your money you will get it back. Crypto Exchanges don't.

        With exchanges your money is in their wallet essentially. You're not the only one with access to it, and there is no legislation around exchanges forcing them to provide what is essentially insurance like a regulated bank does.

        If you're not making any trades, your crypto should be in your private wallet, not on an exchange. A few exchanges have just disappeared lately, along with all the money that was on them, and there's not a single thing anyone can do to get their coins back.

        • +3

          It makes sense that nocoiners that want digital assets to go to zero would advocate that users leave their digital assets on CEX just in case they get hacked. They'll be the first to say "I told you so. Crypto is a scam".

          CEX is NOT legacy banks. They're centralized exchanges used for trading.

          A cold wallet is the only sovereign place to store digital assets.

          "Not your keys, not your Bitcoin."

        • +2

          Banks have guarantees that if they go bust or lose your money you will get it back. Crypto Exchanges don't.

          Crypto crowd doesn't want you to know that. It is the same as there is no help desk to call if you have it on cold storage and throw it out and it ends up in the tip.

          your crypto should be in your private wallet, not on an exchange

          That is like having your gold bars at home and then having to find a gold dealer when all the crypto exchanges have been going bust.

          They don't call crypto the wild west of finance for no reason.

          • @netjock: Everyone that I know (inc myself) that has a vested interest in this industry always educates newcomers to practice safe risk management.

            "Not your keys, not your Bitcoin." is the number 1 rule that they keep repeating over and over again. Number 2 is make a copy of the private key/seed words, keep it private and safe at all times.

          • @netjock:

            That is like having your gold bars at home and then having to find a gold dealer when all the crypto exchanges have been going bust.

            Better than the crypto exchange going bust and you losing all your money.

            • +1

              @MrFunSocks:

              Better than the crypto exchange going bust

              You got the point. Crypto exchanges go bust left, right and centre. You don't see stock exchanges going bust left, right and centre.

        • +1

          Crypto.com are switching from 2FA to proper MFA shortly, and introducing a program called WAPP, which protects you for up to $250,000 worth of assets. Full details aren't available yet, but it's a step in the right direction IMO.

          The problem with saying "you should keep your assets in a cold wallet" is that many CEX platforms offer attractive interest rates on your idle crypto so it's quite enticing to want to earn. At the end of the day though, it's up to the individual to assess their own risks and make an informed decision - a bunch of people on the internet can't do that, as everyone's personal situation and risk categories are different.

          They made the announcement about WAPP here: https://crypto.com/product-news/crypto-com-security-report-n…

      • +2

        Users shouldn't confuse CEX with legacy banks.

        "Not your keys, not your Bitcoin."

        • "Not your keys, not your Bitcoin."

          "Not your keys to your safe deposit box, not your stuff in the safe deposit box"

          • @netjock: Always have backup keys to backup keys.

            • @rektrading: And pray you won't throw out the piece of paper or format your drive or cloud sync across all back ups therefore one deletion all deletion.

              Link this genius at backing up: trader loses $1.6m

              • @netjock: Everyone that I know (inc myself) that has a vested interest in this industry always educates newcomers to practice safe risk management.

                "Not your keys, not your Bitcoin." is the number 1 rule that they keep repeating over and over again. Number 2 is make a copy of the private key/seed words, keep it private and safe at all times.

                • +1

                  @rektrading:

                  Everyone that I know (inc myself) that has a vested interest in this industry

                  Like real estate investment seminars that are made out to be for the good of the newcomers.

                  Every nobody is trying to peddle crypto on Youtube and Twitter.

                  • @netjock: I work in the industry. Of course, I want it to flourish.

                    What you won't see is me telling people to buy X coin or token.

                    I bought some ETH below $2000 in 2021 and posted about it. That is about it.
                    https://files.ozbargain.com.au/upload/393946/91796/0-02-0a-c…

                    Found it.
                    https://www.ozbargain.com.au/comment/11216895/redir

                    • @rektrading:

                      I work in the industry. Of course, I want it to flourish.

                      Pretty sure people in the cigarette industry have no problems telling people about smoking to help it flourish.

                      That is like asking a fish monger if the fish is good today. They ain't going to send you over to the chicken shop are they?

                      • +1

                        @netjock: The tobacco industry and the food industry have nothing in common with Crypto.com.

                        I'm happy to discuss digital assets with you but if you can't stay on point then I'd rather go back to work.

                        • @rektrading: If you are a vested interest (work in it) then you are not unbiased. Stop pretending you're looking out for anyone else.

                          Imagine if the ASX gets hacked and you have to get hard copies of all your share certificates and put them into a secure safe deposit box. Obviously the ASX employee would keep suggesting people buy shares.

                          You have no idea what you are sounding like. In fact you sound like someone hired you to do suggestive advertising.

                          • @netjock: It's my understanding that CHESS is held by the broker and not the ASX. The ASX getting hacked doesn't affect the holding.

                            Someone that has more knowledge about stonks can probably correct me if I'm wrong.

                            • @rektrading: Trying to get away from the real issue. Vested interests pretending it is good impartial advice.

                              • @netjock: I don't know what the real issue is.

                                My original post advises users to practice safe risk management.
                                https://www.ozbargain.com.au/comment/11643042/redir

                                I say this because I want newcomers to keep their digital assets safe, make money and enjoy what this industry has to offer.

                                I understand that there are people out there that don't like that and will have a go at this industry at every opportunity they get. To them I say enjoy https://tinyurl.com/3jdjpj8t.

                              • @netjock: You're doing some good trolling lad. 9/10

                                • +3

                                  @ProlapsedHeinous: You don't know what trolling is.

                                  Check the richest man in the world, who posts vague pictures of dogs on Twitter and then a meme coin goes up in value but he owns none of it. Or tells people to buy this coin and then goes on TV and calls it a hustle. The same person who is meant to be saving the world with a car company but did not notice he was buying an asset destroying the world until he had $3bn of it.

                            • +1

                              @rektrading: CHESS is managed by the ASX settlement division, which is part of the ASX, but each user has a unique HIN sponsored by the broker they have an account with. You can have multiple brokers and end up with multiple HINs.

                              The sponsoring brokers are authorized to sell and buy shares on your behalf based only on the one particular HIN tied to that broker, but all those transactions are under your name; you retain ownership all the way through the transaction.

                              It's close to impossible for someone to steal your shares via hacking because they have to change the ownership of the shares, and that requires a lot of paperwork and checks. They will get caught out during this process.

                              They can hack into the broker and start selling your shares, but the money will automatically be deposited into your bank account. They can change to a different account name, but again that requires paperwork and checks and they will get caught in the process, and there is a T+2 settlement delay.

                              So first they have to change the bank account before they can start selling the shares, but they would probably get caught out well before that.

                              That's why you see virtually no hacks in this sort of arena. Nothing is impossible, but the probability is so low compared to crypto it's not even worth comparing.

                              And if after all that you lose shares or money through some nearly impossible hack, you've got the ASX and bank protections and you get your money back.

                          • @netjock:

                            Stop pretending you're looking out for anyone else.

                            Would you say that to a nutritionist who recommends consultation for a healthy diet or a doctor who suggests regular medical check-ups or a teacher who recommends literacy, etc.? I am just saying looking out for someone else and having a vested interest aren't mutually exclusive and you can do both.

                            • @FrugalDealSeeker:

                              Would you say that to a nutritionist who recommends consultation for a healthy diet or a doctor who suggests regular medical check-ups or a teacher who recommends literacy, etc.?

                              You can check their qualifications and there is some registration with rules for practitioners. Most of them would have enough brains to not offer advice online that is not suited to personal circumstances in case they get identified and taken to respective professional registration bodies.

                              On the internet you can be whoever you want and sucker people with advice. Remember the big uproar about financial influencers on social media with zero qualifications.

                              Last time I checked there isn't a compulsory registration board for tech workers that can sanction, fine and deregister them to stop them practicing / giving advice.

                              • @netjock:

                                Remember the big uproar about financial influencers on social media with zero qualifications.

                                IKR.

                                My comment was based on the assumption that people did their own DD.

    • What happens if you lose your cold wallet hardware? Is it game over or there is a way/mechanism to recover it?

      • New cold wallets will give the user a private key/seed words when it's activated. It's crucial that the user always write down the private keys/seed words, keep them private and safe. It's the only way to restore the wallet if it gets lost, damaged or stolen.

        Make sure that nobody else has access to the private keys/seed words or they can restore the wallet using another cold wallet.

        • I guess this means a cold wallet seed phrase must be on a Ledger database somewhere so that a backup can be made? And if someone can hack that…

          • @tunzafun001:

            cold wallet seed phrase must be on a Ledger database somewhere

            no, it's not anything that's stored

            It's a combination of words (so easily human readable) to produce a cryptographically strong key.
            You write down the words, don't put them online and keep them safe somewhere.

            Eg a bip39 encryption (using 12 words) results in a 2^132 number of possible key combinations, based on the 2048 words in the library.

            https://en.bitcoin.it/wiki/Seed_phrase

        • Would you recommend storing it in a password manager like Bitwarden and LastPass, or is it still risky?
          Any cold wallet recommendations?

  • Interesting. Wonder if people that lost coins will be reimbursed. Guess this is why offline wallets are recommended. As long as you don't lose them.

    • Wonder if people that lost coins will be reimbursed

      Complimentary Lakers tickets.

      • +1

        compensate with another month of free Disney plus subscription, and $5 cashback

    • +1

      That's the price of the wild west: you are on your own, you can't have it both ways.
      Only highly regulated banks and stock market exchanges have such protection.

  • +1

    Their app is rubbish anyway… I just use it for free Spotify.

    • I didn’t know about this hack.

      Do I have to wait 180 days (the CRO staking period) before becoming eligible for the Spotify/Netflix rebate?

      • -1

        When I signed up I think it was about 2500 coins purchase (the app is not loading as usual so can't verify atm) for ~A$200 in late December 2020 and I received my card in late January 2021. If you use that card to sign up for Spotify (Singapore) you get 100% cashback on your purchase (in CRO coins). Now they have increased the Spotify tier to 5000 coins which are about USD 2200 @ $0.43. You get your card in a month but you can't withdraw it for 6 months and then if you do, you'll lose your benefits and have to stake it again for 6 months. I got 800% ROE so I am happy but would not recommend it if you want to start now. The excess stress you have while using the app is not worth it.

        • +2

          Not quite right here - things have changed.

          Now it's based on dollars rather than number of coins. There are now Australian-issued Visa cards so no need to go through the hoops there were with Singapore-issued ones. There are $500, $5000, $50000, $500000 tiers instead of number of coins.

          • @Shadowsfury: Fair enough I just use it to charge my supercharger using cashback coins every few months and accept the allocation but otherwise, the app gives me an aneurysm.

            $500000

            Funny how they expect people to deposit this much through a shit app that cost perhaps $5000 to make (if I am being generous).

            • +2

              @FrugalDealSeeker: Supercharger is an absolutely TERRIBLE yield - you will earn more in basically anything else
              12+% if you use defi wallet
              6% if you chuck your excess CRO into the Earn within the app

              The last ETH supercharger earned about 1.7% APR. Don't fall for the headline rate of "up to 20+%" it is misleading of them to put that there as only like 10 people actually get that

              • @Shadowsfury: The supercharger yield was much higher before CRO hit its current value.

              • @Shadowsfury:

                I just use it to charge my supercharger using cashback coins every few months

                This.

                12+% if you use defi wallet

                Doesn't this have like a minimum buy-in?

          • @Shadowsfury: Oh no kidding I didn’t know that. Nice of them to tell customers that.

            • @bobwokeup: Doesn't impact existing customers who already signed up, and any new ones will see the new details on the website? What there to notify?

              • @Shadowsfury: True I was thinking of customers who want to upgrade. I guess it’s about the same value anyway and it would take a while to get to the next level. I want to upgrade but my wife won’t let me haha

                • @bobwokeup: 12% on TAUD +2% in CRO was my justification!

                  • @Soluble: Cheers yeah I’ve tried everything and the weekly interest would be much better… Nothing works she already thinks I’ve spent too much on it. I’m hooked so I’ll just keep doing what I’m doing.

        • +1

          The app takes some getting used to, but once you've spent some time in there it's not too bad. Not as user friendly as they make it out to be though.

      • No you don’t but you need to wait for the card to update the payment details as your Debit card. They reimbursed, as CRO cashback, my Netflix fees due to the long wait and I just had to show them proof. Everything takes time with CDC that’s one of the things I don’t like about their company yet they can spend millions on advertising.

    • +1

      Most people aren't going to stake $5000 in CRO just to get $10 a month back (in CRO) on spotify.

      • +1

        And netflix ;)

        Then 3% CRO back on your card spend.

      • Yeah $5k seems excessive

      • You missed a few benefits (I haven’t bothered getting Spotify as I’m not going anywhere anyway 😂) like the 2 ones Soluble mentioned and the biggest one is that you get 10%pa interest paid weekly. You can also get egift cards for 3-10% and send CRO to mates on CDC and get up to $5 USD cashback.

        Look I don’t like the company and how they operate but the rewards are great.

        • But again - it’s a $5000 investment up front. That’s simply too much for most people, especially since it’s crypto and while you get your 10% back when you stake it, that 10% could end up worth 0.0001%, or you could lose it all plus your $5k tomorrow.

          • @MrFunSocks: Good point, I’ve always been a good saver so I don’t think about that. If you believe in crypto, that $5k investment is so worth it though. I’ve made my money back plus some, I could cash out then invest the minimum $5k again but I’d rather keep getting the 10% on the full value.

          • +1

            @MrFunSocks: You could always get a lower tier card I guess but I think it all comes down to whether you believe in the future of crypto or not.

            • +1

              @yk300: The lower tier cards don't get all the "cash" back rewards that that poster was talking about.

  • -2

    just checked my 0.1c, still there

  • +3

    I thought the stadium was under attack for a moment.

  • +1

    Fortune favours the brave.

  • I legitimately forgot I even had an account with this mob... log in and there's money in there, damnnn

    Must have tried to apply for a card and cbf half way.

    • Possibly the referral bonus which gets locked up until you apply for the card

      • No, I have money in there (just a little) and also the referral that's still locked.
        Wonder if I cbf.

  • Another timely reminder in today's AFR

    ASIC boss warns of ‘risky’ crypto investments

    Globally, the value of crypto assets has plunged from almost $US3 trillion ($4.17 trillion) in November to about $US2 trillion, as the prospect of rising interest rates causes investors to shift their asset allocation.

    More than 2 million Australians hold crypto investments.

    “I’m worried about consumer harm and the number of people in Australia exposed to crypto,” Mr Longo said.

    “We know from anecdotal and factual evidence between us and the ACCC, there is definitely an uptick in the number of scams and misconduct leading to people losing money by attempting to invest in cryptocurrencies and assets.

    “My personal warning to people is to be careful and don’t put all your money into crypto.”

    People should get educated on the risk and investment in general, and if they wish to go into crypto they should know what they are getting themselves into.

    I myself don’t invest in crypto, it just doesn’t fit my investment criteria, but that is just me; people are free to do what they like with their money.

    • 2 million Aussies… How many of them hold meaningful amounts of crypto though? I speak to a lot of people who chucked a couple of hundred in and tried to day trade thinking they'd become millionaires, now they're just Shiba Hodlers waiting to make it big.
