Singapore-based digital wallet provider and trading platform Crypto.com tweeted on Jan. 18 that “a small number of users experienced unauthorized activity in their accounts” — and also that “all funds are safe.” This news shook the crypto economy, and many investors began discussing security protocols in the immediate aftermath.
As a precaution, the certified Crypto.com account stated that users would be required to “sign back into their App & Exchange accounts,” and “reset their 2FA.”
Crypto.com shut down withdrawals for roughly 14 hours while they made security updates, noting in a tweet that “this update will be rolled out to users progressively over the next few hours.”
Some users of the service reported having funds stolen from their accounts on Jan. 17, including a crypto influencer who goes by the name “Ben Baller.” Baller tweeted: “I messaged yah [sic] guys hours ago about my account having 4.28ETH stolen out of nowhere and I’m also wondering how they got passed [sic] the 2FA?”
However, this user followed up with a tweet that Crypto.com had restored his missing funds. Speculation abounds as to whether Crypto.com retrieved stolen funds or simply reimbursed users out of pocket. Gizmodo reported that Crypto.com declined to answer questions emailed by Gizmodo on Jan. 17.
CoinDesk reported that $15 million in ETH, reportedly stolen from Crypto.com, was being laundered via Tornado Cash — an ETH mixer protocol — according to data discovered on the blockchain.
ETH mixers are designed to improve transaction privacy by obscuring the on-chain connection between the source and recipient, CoinDesk says. But the anonymity on the platform also makes it a prime venue for coin laundering.
However, Tornado Cash co-founder Roman Storm had previously told CoinDesk that the service “includes a cryptographic note in the transaction history of ether sent through its pipes.” This note can determine where funds originated. During that interview Storm also said, “We are in a little bit of a different situation… I think for us it’s very important to become compliant.”
Is Your Crypto Safe?
The missing funds — and the temporary Crypto.com shutdown — invite the question: Is your cryptocurrency investment safe?
Measures such as two-factor authentication and encryption technology (similar to what’s used by banks and other online financial institutions) help crypto wallets and crypto exchanges maintain security.
You can keep your investment secure by making sure to access your crypto wallet via a secure internet connection (not a public WiFi network), as well as by creating a hard-to-guess password and keeping it secret.
Related: Buying Crypto in 2022? Do This First
Additionally, choose a crypto wallet that offers insurance against theft, such as Coinbase.com, which is the largest crypto exchange in the U.S. Coinbase also stores the vast majority of its funds offline, in U.S. banks, money market funds, or U.S. Treasury bonds.
Crypto.com also fits the bill, reporting on its site that 100% of user cryptocurrencies are held offline in cold storage. The company has also taken other measures, including multi-factor authentication for transactions, whitelisting external email addresses required for withdrawals, and including security features baked into the app. The fact that Crypto.com responded quickly and publicly to the reported theft — and that one user’s stolen funds were seemingly returned — may provide some measure of comfort to crypto investors.
If you have a large amount of crypto, you may consider investing in your own cold storage wallet — a hard drive that you take offline when you aren’t actively transferring funds.
After the reported hack of Crypto.com, Bitcoin was down 1.58% on the morning of Jan. 18. ETH had dropped 3.12% during that same time span, according to CoinDesk.
More From GOBankingRates
This article originally appeared on GOBankingRates.com: $16 Million Reportedly Stolen From Crypto.com — Is Your Investment in Jeopardy?