Crypto.com cryptocurrency exchange suffered a hack last week resulting in a loss of $31 million.
Crypto.com, one of the world’s leading cryptocurrency exchanges, experienced a security breach earlier this week that led to the theft of $31 million in customer funds. In response, the exchange implemented enhanced security protocols designed to prevent a recurrence and to protect user assets.
After the security changes, some customers reported they could no longer access their Crypto.com accounts. The exchange issued a statement explaining the measures:
Crypto.com revoked all customer 2FA tokens and added additional security controls requiring all users to sign in again and reconfigure their 2FA tokens to ensure only authorized activity takes place.
Following these updates, thousands of customers encountered login problems. Crypto.com CEO Kris Marszalek addressed the issue and clarified the most common cause:
If you cannot access our app after the access reset this week, in 95 out of 100 cases you are simply using the wrong email address to sign in. We do not allow duplicate accounts using the same phone number, so you’ll get stuck if you use the wrong email.
Marszalek urged customers to check their inboxes for an email from the exchange and provided guidance for those who cannot find it:
If you can’t find it or no longer have access to that email, please contact our customer support. We will re-authenticate you. We are helping users with these cases one by one, but given our scale it will take some time. Our team is also working on a new app version that will communicate this more clearly through UI/UX improvements.
He reassured users that their funds remain secure and that they will be able to log in again and resume normal account activity.
The incident impacted more than 400 customers who experienced unauthorized cryptocurrency withdrawals. A total of 4,836.26 ETH, 443.93 BTC, and approximately $66,200 worth of other cryptocurrencies were reported stolen.
Crypto.com’s swift revocation of two-factor authentication tokens and the roll-out of stricter protections reflect an effort to prioritize long-term account security, even though the immediate reauthentication process has caused inconvenience for some users. The exchange has committed to assisting affected customers through its support channels and to releasing app updates that aim to streamline the recovery and reauthentication experience.
Customers affected by the breach are advised to follow official communications from Crypto.com, confirm they are signing in with the correct email, and reach out to customer support if they cannot access their registered email address. Remaining vigilant with account security—such as enabling strong, unique passwords and confirming two-factor settings after reconfiguration—can help reduce the risk of future incidents.