One of the world’s biggest and most popular cryptocurrency exchanges has been hit by a major data breach. Talking to Bloomberg, Crypto.com, CEO Kris Marszalek confirmed that the recent data breach resulted in funds being taken from roughly 400 accounts.
While it’s not yet known what exact sum was taken, Bloomberg estimates the losses were “in the millions,” with Marszalek confirming that all losses were reimbursed and that the company barely felt it, given its size.
Hacks and scams
“Obviously, it’s a great lesson and we are continuously strengthening our infrastructure,” Marszalek added. “Given the scale of the business, these numbers are not particularly material and customer funds were not at risk.”
The technical details of the breach, including if any endpoints from the company side were compromised by malware, are still unknown, with Marszalek promising a detailed breakdown at a later date.
Cryptocurrency exchanges and wallets are generally considered secure, with the majority of incidents happening due to fraud and identity theft, and not technical vulnerabilities. The very nature of blockchain technology, which makes it virtually impossible to retrieve the funds once they’re sent, makes it very interesting for fraudsters and other malicious actors.
In fact, the amount of funds linked to cryptocurrency-related crime rose by almost 80% last year, recent figures from the blockchain data platform Chainalysis show. Illicit addresses received $14 billion worth of cryptocurrency over the course of 2021, up from $7.8 billion the year before, the report says.
However, total transaction volume across all cryptocurrencies rose by 567% from 2020 highs, totaling $15.8 trillion. In total, transactions involving illicit addresses accounted for just 0.15% of overall traffic.
Most crypto frauds these days revolve around so-called “rugpulls”. A rugpull happens when the project’s developers siphon out all of the liquidity out of their token, leaving investors with virtually zero value in their investments. This is, obviously, a heavy oversimplification of the method, but the result is the same.
Besides rugpulls, people fall for the age-old “I’ve sent Elon Musk 0.1 BTC and he’ll return 1.0 BTC tomorrow” fraud so often that a Twitter bot is able to track known “fake Elon Musk” addresses, reporting when people send their hard-earned crypto assets.