Crypto.com, a famous virtual currency exchange based in Singapore that offers numerous cryptocurrency services, is exposed to the risk of Account Takeover (ATO). Despite implementing a Two-Factor Authentication (2FA) security strategy, Crypto.com users may still be vulnerable to ATO attacks perpetrated by attackers who manage to circumvent the 2FA measures.

When attackers successfully execute an ATO attack, they can gain access to the user's entire registration and private information stored on the crypto.com website, and they can perform all operations within the scope of the account's permissions without authorization. According to the detection by THUD TECHNOLOGY PTE. LTD.(darkweb.vc), at least 100,000 members have been impacted.

We recommend notifying the website's members of the leaked login credentials through 'Dark Web Reports', urging them to promptly update their credentials. Regardless of whether 2FA is implemented, securing leaked accounts by locking them and resetting login credentials is a robust security measure. Additionally, it’s advisable to alert affected users to change their passwords immediately. DarkWeb.vc offers highly cost-effective intelligence on login credential leaks to enterprises.