
Crypto.com
Hacked · Exchange · $CRO · born 2016 · ✝ 2022
Withdrawals slipped past 2FA in a quiet January breach.
Crypto.com is a major centralized exchange that suffered a breach in January 2022, in which attackers pushed through unauthorized withdrawals from hundreds of accounts. The company initially downplayed it before disclosing the loss and reimbursing affected users.
- Peak: ~$33.7M stolen
- Cause: Hacked
- Year of death: 2022
☠️ Cause of death
Compromised credentials and a flaw that let withdrawals bypass two-factor authentication allowed funds to be moved without proper approval.
📓 Lessons left behind
- 2FA is worthless if a withdrawal path can skip it.
- Disclose breaches promptly instead of denying them.
- Reauthenticate every withdrawal, no trusted sessions.
🌱 The idea that survived
Mandatory withdrawal re-auth
Spurred exchanges to enforce fresh multi-factor checks and address allowlists on every withdrawal.
#exchange #2fa-bypass #private-key #custody