1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • 2FA compromise led to Crypto.com hack

    From TechnologyDaily@1337:1/100 to All on Fri Jan 21 13:45:04 2022
    2FA compromise led to Crypto.com hack

    Date:
    Fri, 21 Jan 2022 13:27:58 +0000

    Description:
    Crypto.com wants to move to "true multi-factor authentication" after incident.

    FULL STORY ======================================================================

    More details have emerged about the recent Crypto.com hack that left almost 500 customers without their hard-earned cryptocurrencies.

    The company has published a post mortem on its website in which it says that whoever was behind the theft, managed to withdraw millions of dollars in cryptocurrencies from hundreds of accounts, without inputting two-factor authentication.

    In total, 483 accounts were compromised, with more than $31 million taken - made up of 4,836.26 ETH, 443.93 BTC, and approximately $66,200 in other cryptocurrencies stolen. Security breaches and fraud

    Crypto.com did not provide more details on how it was possible to withdraw
    the tokens without inputting 2FA , and whether or not an endpoint was compromised, but it did say what it did at the moment - and what it plans on doing, going forward.

    Once it discovered the incident, the company first suspended all withdrawals from the platform, reimbursed the affected accounts, revoked all customer 2FA tokens, and added additional security hardening measures.

    Now, after a new withdrawal address is added to the account, the owner needs to wait for 24 hours before it is approved, giving legitimate owners enough time to report a potential issue.

    Furthermore, Crypto.com said it plans to move away from 2FA into true multi-factor authentication, although it did not specify what that meant, or when it might happen.

    Finally, the customers were required to re-login and set up their 2FA tokens again.

    An actual security breach on a cryptocurrency exchange rarely happens. In
    most cases, cryptocurrency theft happens through fraud, in which owners are either tricked into sending their tokens elsewhere, or tricked into giving away personally identifiable information. That information can later be used in identity theft , allowing criminals to easily withdraw funds from wallets and exchanges.

    In more recent times, with the emergence of DeFi (Decentralized Finance), a scam method known as a rugpull has risen in popularity.

    In the most simplest of explanations, a rugpull happens when a blockchain projects owners decide to remove all liquidity from the project, dropping the value of the token theyve created virtually to zero. Check out our list of
    the best firewalls available today



    ======================================================================
    Link to news story: https://www.techradar.com/news/2fa-compromise-led-to-cryptocom-hack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)