Crypto.com Security Instance
Crypto.com’s worldwide Account Protection Programme (APP) is officially live, courtesy of the 17th January (2022) security event. A couple of users noticed unwarranted withdrawals in their accounts. In the unfortunate event, transactional approvals took place even when no 2FA authentication was initiated by the users. Thanks to its risk monitoring systems’ timely warnings, Crypto.com suspended withdrawals in the investigation period. Needless to mention, not a single instance of lost funds took place on Crypto.com.
Crypto.com is duly mindful in regards to securing the experience of its valued users. While customer 2FA tokens in entirety were revoked by Crypto.com, extra security bettering steps were taken. These needed re-login by customers plus resetting their 2FA token to only approve of authorized (future) transactions.
The total withdrawal downtime stood to be around 14 hours, whereas they restarted at 5:46 PM UTC, 18 January 2022. Withdrawals totalling 4,836.26 ETH, 443.93 BTC and US$66,200 in cryptocurrencies took place, but Crypto.com reimbursed eligible customers.
Crypto.com’s Future Security Steps
To have fresh infrastructure operate effectively, 2FA tokens for worldwide users were revoked. Compulsory 2FA policies at the frontend and backend were set for safeguarding users in the revocation period. On 18 January 2022, an extra layer of security was added to Crypto.com. This involves a 24-hour waiting period for first withdrawal after a new whitelisted withdrawal address registers.
The necessary notification messages are being sent to the customers informing the addition of fresh withdrawal addresses. A thorough audit of the whole infrastructure is concluded with the required updates done to reinforce the security infrastructure. Crypto.com duly undertakes regular “internal and external penetration tests.”
Crypto.com has also initiated third-party security agencies for ensuring extra security checks. Applying extra threat intelligence services is also underway. Crypto.com is moving to strengthen extra end-user security features. It is embracing authentic Multi-Factor Authentication (MFA), for its international user base.
What’s Next for Crypto.com?
Crypto.com has officially introduced the worldwide Account Protection Program (APP). The APP makes available extra protection and security for Crypto.com App user funds and the Exchange. Meant to safeguard customers’ funds, APP would protect against illegitimate customer account access by third parties for fund withdrawal. APP reimburses funds to the tune of US$250,000 for qualified users (subject to terms and conditions).
APP program qualification requires users to do the following:
- Turn the Multi-Factor Authentication (MFA) on for any and all transaction types (when MFA is available).
- Establish an anti-phishing code 21 days before the reported illegitimate transaction.
- Avoid using jailbroken devices.
- Register a police report and submit its photocopy to Crypto.com.
- Fill up a questionnaire providing information for a forensic investigation.
Crypto.com is in the process of finalizing the eligibility requirements and approving claims. APP will begin reaching specific markets from 1st February 2022 onwards.