The Target: Crypto.com, a Singapore based cryptocurrency exchange app.
The Take: Theft of $31 million USD from customer’s online wallets.
The Vector: Through a credential stuffing attack, where previously exposed passwords are reused by users across multiple platforms, the threat actors executed unauthorized withdrawals from user accounts.
This breach highlights the high-risk practice of poor password hygiene like reused passwords, and more importantly, the critical nature of proper credential management through multi-factor authentication. Employing multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data Is only accessed by authorized parties.