Movers and SHAKERS
Image: TV Ad for Crypto.com
Have You Positioned Your Account to Not Fall Victim to a Crypto-Exchange Hack?
Storing cryptocurrency in a “hot wallet” rather than a “cold wallet” could make the difference between becoming a victim of theft or remaining secure. When inactive, crypto holders should consider locking their wallets down as tightly as possible. In the recent case of the 4600 ETH, worth almost $15m, reportedly stolen from the exchange where Matt Damon is the ad personality, it is still unclear if there will be lasting damage.
Cybercriminals are becoming sophisticated at transferring, undetected, crypto assets from digital wallets. In actual use, a digital or crypto wallet does not store an individual's crypto holdings; instead what it provides for is access via a digital key. This key allows entrance and the ability to trade online. A private key is an individual’s digital identity to the market. If someone should possess this identifier, they can engage in unauthorized transactions or transfers.
Storing assets in what is known as a hot wallet that is connected to the internet could make your assets prone to theft. The reason is there may be access to your computer or mobile device, which allows seeing this key. If the private key is instead stored as part of a cold wallet (sometimes called a hardware wallet), access to the key is unavailable to anyone remote from the hardware.
Some of Crypto.com’s Ether hot wallets were reportedly hacked this week. Users of the exchange found themselves missing assets, some with sizeable value. Crypto.com announced on Twitter on Sunday evening that an investigation into the “suspicious activity” was underway.
By noon on Monday (January 17) Chris Marszalek, CEO of crypto.com, calmed clients with the below tweet. It still isn’t clear whether funds were ever lost or not. The blockchain security company, PeckShield which describes itself on its website as “…a security company which aims to elevate the security, privacy, and usability of entire blockchain ecosystem by offering top-notch industry-leading products.” Had tweeted a dollar value associated with the alleged theft and what appears to be a list of transactions washed through Tornado.cash. Tornado.cash is an ETH-based coin mixer.
While Crypto.com reported, “all funds are safe”, there were multiple replies to the tweets complaining of missing cryptocurrency, including both Bitcoin (BTC) and Ethereum (ETH). Some of these tweets were later followed by tweets saying the exchange has restored its missing funds.
How it Happened
The attackers reportedly found a way to bypass the two-factor authentication (2FA) security measures on the exchange. When alerted, Crypto.com stopped transactions. They used Twitter to ask account holders to sign into the app and their exchange account to reset their 2FA information. The company made updates and stated once the update had been implemented, withdrawals and transactions would again be enabled.
Crypto.com appears to have been compromised by a hack of its centralized exchange in 2022. A good way to make sure if there is another attack during the year, that you’re not a victim is to make sure your access key is not available online. A cold account could go a long way to avoid becoming a victim.
Managing Editor, Channelchek
Threats to Your Personal Information
Should Investors Listen to Influencers?
The Cost of Pandemic Inspired Cybercrime in Education
Is Ethereum More Useful Than Bitcoin?
Stay up to date. Follow us: