After shutting down withdrawals due to suspicious activity, Crypto.com CEO Kris Marszalek confirmed to Bloomberg that the exchanged experienced a security breach affecting 400 accounts on Tuesday.
Marszalek said Crypto.com "very quickly stopped" unauthorized withdrawals and lifted restrictions within 14 hours. All accounts affected were fully reimbursed, he said. Crypto news site the Block reported that withdrawals consisted of 4,830 ether, worth $15 million, and 444 bitcoins, worth $18.5 million, though Marszalek did not confirm the value.
Bloomberg reported that Crypto.com has yet to receive any communication from regulators following the breach, but Marszalek said he was prepared to share information on the theft if regulators do inquire. In the U.S., there are few federal laws governing data breaches except for health-related data, and state laws vary. Federally regulated banking organizations will have to report breaches under a new law that takes effect in April, but crypto exchanges are not yet broadly regulated on the federal level.
“Obviously, it’s (a) great lesson and we are continuously strengthening our infrastructure,” Marszalek told Bloomberg. “Given the scale of the business, these numbers are not particularly material and customer funds were not at risk.”
Crypto.com is one of the largest cryptocurrency exchanges with more than 10 million users.