Episode 26: Hackers Steal $30 Million In Bitcoin And Ethereum From Crypto.com (2022)
2:41PM Jan 18, 2023
Welcome to Just Curious Media. This is That's a Crime. I'm Jason Connell.
And I'm Sal Rodriguez.
All right, Sal, we are back for another crime.
Yeah. I hope you read slowly on this one. Speak slowly, read slowly, because you know what, there's a lot of information to digest. This is not a simple crime.
No, it is not a simple crime. We will discuss it nice and slow, Sal, for me. And today we are breaking down the true crime story of the hackers steal $30 million in Bitcoin and Ethereum from Crypto.com in 2022.
So Sal, this is the first card left on 2022. This is right now, this is so current. Wow, this is the most recent crime we've ever talked about ever.
We're on the coattails of this crime. Wow. But before we go any further, Sal. Oh, yes. How about a word from our sponsor? Support for That's a Crime is brought to you by Manscaped, who is the best in men's below-the-waist grooming and offers precision-engineered tools for your family jewels. Join over 4 million men worldwide who trust Manscaped, and with this exclusive offer, you'll get
20% off and free worldwide shipping with the code. That's a email@example.com Very good.
Okay, back to the hackers. So Sal, much like on our earlier episode, Illegal Bitcoin Mine Raided in 2021, perhaps it's best to start with a few definitions of maybe Bitcoin and Ethereum, just real basic stuff. We're going to take a leap of faith that people have heard of cryptocurrency by now.
I'm going to assume that I mean, or at least know just enough to be able to follow along.
Yeah, exactly. So Bitcoin is a decentralized digital currency that you can buy, sell and exchange directly without an intermediary like a bank. And Bitcoin's creator, Satoshi Nakamoto, originally described the need for an economic payment system based on cryptographic proof instead of trust. And that's really
it. I liked that idea. I like why, you know, I like that because currently before cryptocurrency, really you have to involve a bank. Exactly at some point while transaction Yeah, whether it be a cheque or even Venmo, whatever,
even PayPal, anything has a bank backing.
There you go. And I never liked the idea that you have to involve a bank. Yeah, like I always kind of resented that, that we have to have the bank involved, which is why I was a big fan of cash and still am a big fan of cash. I feel like cryptocurrency is for the lovers of cash. Like it may seem counterintuitive that, well, if you love cash, why would you like crypto? But crypto would be like cash, unlike cheques and PayPals, right, right.
I wish we lived in a barter system.
The barter town.
I got it. I'll give you that haircut. If I get this in exchange, though. And you get a lot of bartering stuff there so you could barter your way all over the place with all that collection behind you.
I understand collectible toys will be the currency during the apocalypse, you are
ahead of the curve, way ahead. So now Ethereum is a platform powered by blockchain technology that is best known for its native cryptocurrency. But it is also a programmable blockchain that finds application in numerous areas, including DeFi (decentralized finance), smart contracts, and NFTs (non-fungible tokens). And so in layman's terms, NFTs are essentially one-of-a-kind digital assets. I'm sure you've heard of them. Now a lot of buzz going on. And I gotta say this as well, the founder of Ethereum. He founded it at 21. He's 27 now, but Vitalik Buterin. Unbelievable. This guy, obviously kid genius.
Well, he's going to be I don't know if he's already, but we'll be on the famous Forbes 40 under 40.
There you go. Yeah, should be on the 30 list,
too. Yeah, it doesn't make me feel bad about my life at all.
Now, as far as Crypto.com goes, I mean, this is the well-known cryptocurrency exchange. And I've heard of them. I have, but personally, I use Coinbase and Voyager as well as Robinhood for my very minor crypto holdings. I should have, but I was aware of Crypto.com, thought about using them, but kind of went with these other platforms instead for whatever reasons. But Crypto.com's popularity has been growing, I've noticed, and most recently, they're running this viral commercial you may or may not have seen with Matt Damon in it. I haven't seen that one. You haven't seen it? Well, it runs a lot during football games. And also, I'll go to the movie theater and then there's the commercial again. So it's getting lots of airtime. And I'm just curious if it's Matt Damon because he played Will Hunting, a mathematician. Is there any connection there? Or is it just because we trust Matt Damon so much?
I forgot that he was a mathematician. I remember him being a genius in Good Will Hunting. I don't remember his topic. Well, he was
a genius who they tried to make be a mathematician, but he could figure all those things out. So he's so brilliant. He knows all the you know, here's all the answers. So, anyway, maybe there's a tie in there. But you know, speaking of celebrities beyond Matt Damon, there's commercials running constantly with Tom Brady endorsing FTX, which is another cryptocurrency exchange. So it's obviously a growing force, these exchanges, celebrities getting behind it. So what happens when you have more eyeballs and traction? You become more of a target. As you know,
Jason, let me ask you this question. I don't necessarily expect you to know the answer to this. But what's the end game for these cryptocurrency companies? Is it to just abolish the US dollar or actual tangible currency? Do they want to eliminate cash? What is the end goal in mind here?
Yeah, there's some maximalists who would probably agree with that. I am not of that, like, oh, the dollar is dead, it's got to be digital currency. I don't think anyone wants to be left behind. So even that commercial with Matt Damon, that's what it's about, like, take a leap forward, you know, these moments in time, and he's kind of like in the National Museum, or maybe even the Smithsonian, but you've seen an inventor, and he's like, this is that next step, go with us into the future. I think that's part of it, no one wants to be left behind. And there are these maximalists who say, here's every reason why your dollar's not gonna be worth anything in three years. So I like to kind of never be on one side or the other, just kind of in the middle. I'm interested in it. But I'm a small player. These platforms are competing against each other. So they're trying to get customer bases. I mean, even when I was learning more about it, there's a lot of, you know, FTX wasn't even around that I knew of. So look for them more and more making a splash. Obviously, they have some money to run this type of commercial. And I'm not going to stop there. This is news to me. I didn't know this. But Crypto.com made a splash recently with a $700 million deal to rename the Staples Center in Los Angeles, now will be called Crypto.com Arena. And that actually happened Christmas 2021, Christmas Day. So it's already a done deal. The Lakers and the Clippers will be at Crypto.com Arena, concerts, the Grammys. I'm like, wow, that's big time, Sal.
That is big time. But I'm also concerned that it went from a center to an arena. Is it no longer a center?
Yeah, I don't know why they came up. Yeah, they shrunk it. And yeah, I don't know. Maybe crypto.com center was just too clunky. Not sure.
You know, I just want to say this for the benefit of anybody who's still learning about crypto or still has questions about crypto, is that it's happening. You cannot deny. That is, I was in Arco buying gas and lottery tickets. And I see a Bitcoin ATM. There's an ATM, says Bitcoin. So I guess you go up, put your card in and you can exchange some of your Bitcoin net worth for what, 20, 30 bucks? How much you're going to take out of the ATM at the Arco, what, 40 bucks?
whatever you want, a couple hundred. I mean, it's all, I'm sure it's on the fractional withdrawal system. Whenever I bought crypto, I'm not buying whole cryptos, it's like all fractional. So yeah, they might go up and say give me $100. It's like an ATM. But I don't advise that, it's such a volatile thing. The early one has spent $100. It goes back to that guy who bought two pizzas worth, you know, billions of dollars of crypto now. So when do you really want to start using it? Right now there's a lot of people are just becoming holders, hoarders, they're just getting it and seeing what happens. So I'm not that fluid where I want to spend it. Now I do have a couple of Dogecoin. And more platforms are using that now, like AMC, and other things are like, hey, you can use your Dogecoin. Well, that's under $1. Right? So if you're spending that, the chances of that hitting these highs that we're seeing with Bitcoin and Ethereum, I'd be more apt to use that. But I have a card from Coinbase. However, there's a transactional fee and Sal, I hate transactional fees. So I've never used it to spend any Doge or anything like that.
I hate fees, too. And I remember, you know, I always say back in my day and the Internet, back in the early internet, you didn't have to pay any fees and there was no service fee. That's how they got you to buy on the internet, is by telling you there's no fees. Now that everybody's online, they're like, fees are back, and we're like, oh, and I'm like, back in my day. And I'm the old guy. I know. But anyway, my point is, Jason, ATMs at the Arco. Yeah, it's here, it's happening. Look around. And yes, don't miss out. I would just caution anybody, and I'm saying this for myself and others, do not miss out because it's happening now.
It is. So as for the crime that we're here to cover. Oh yeah. But the hackers: on January 17, 2022, also Martin Luther King Day, Crypto.com was attacked by cyber criminals who breached its security systems and made off with more than $30 million in stolen Bitcoin and Ethereum. Oh, and there's no information at this time, as far as we know, who did it. So I'm assuming there's no arrest. And Sal, bigger question: are you missing any crypto?
Yeah, I am, I'm missing two. I left them Bitcoin in my other pants.
Now you're not in the crypto space just yet, as far as I know yet.
No, no, no, but I'm still trying to learn the stock market. Now all of a sudden, they pulled the rug out from under.
So as for the cyber attack, Crypto.com said the hackers managed to bypass its two-factor authentication system. And it's also known as 2FA. They use this little lingo and we'll use it in this episode a lot, but they withdrew the funds from 483 customer accounts, Sal. So they got in there, got access, and we'll talk more about that shortly. But let's go over the totals first, and the unauthorized withdrawals totaled. Well, go ahead and tell us.
443.93 bitcoins, 4,836.26 Ethereum, and approximately 66,200 US dollars in other currencies, right.
Yeah. But so I included the day's highs below for you to take a look at on that particular day. Because it's such a volatile market, it's hard to really know. But what those two cryptocurrencies were worth at that time,
Bitcoin was at 43,179.39 and Ethereum 3,355.82.
Now, again, those were the highest for the day. But if you took, you know, I kind of went off what I read, and here's how much was stolen: approximately 18.6 million in Bitcoin, 15.2 million in Ethereum. That's a lot of money, that gets you over the 30 million mark, it's just north of that. And you can see the big disparity, and the two people like Well, that's Bitcoin started off, I'm talking go back a few years, several years, it's 1000, 2000, hits these new highs and stays and sometimes it peaks, it was like 65 recently, and then it's back down. But Ethereum, they don't just have a currency, as I said earlier, they're also a platform that people can make NFTs on. So I've always said like, that's a very robust, great market to be into, because it's not just this coin that's gonna go up and down, like Doge is this kind of like fun, mocking coin, you know, that came out a joke coin, you know, it's like a dog Dogecoin. But if there is an amazing platform, now the number is far apart, but Ethereum is also very, very valuable. But you can see how much was stolen from each and I'm a customer, I'm a small player. So I wake up in the morning and see that my accounts are dipped, and I didn't do it. I've never taken Ethereum or Bitcoin out of mine, I would be panicking.
Well, you'd have to exactly know how much you have. For example, it says here, withdrew the funds from 483 customer accounts. So that amount that they stole, 18.6 million in Bitcoin, 15.2 million in Ethereum, was spread out over, yes, 483 accounts. Right. Okay, so each of those people, I wonder how long it took for them to be made notified? Did they realize right away to the bank have to contact them? I mean, would you notice automatically, like tomorrow, if you look at your account, you're gonna know if it's something's missing,
you might get alerts, you know, like, hey, you had to withdraw. I have alerts on, so that's it. That's a transaction that would notify me, and yes, that did happen. I don't get into the customers because it was not that much information. But there was a lot of panic, like, hey, what is this? And they were tweeting, they were texting, some people just tweet. So it's answered probably faster, because they're trying to put a fire out. Well, here's some good news, just to let everyone know, all the funds that were stolen were fully reimbursed. And so that's not always the case. I have heard horror stories in the past where crypto is gone. It's like, sorry, customer. So they were immediately, and again, this is Crypto.com. Things are different now. They've got a lot of publicity, a lot of press. So they reimbursed everything, but they were trying to put a fire out, appease their customers and figure out what's compromised, how these hackers are getting in and what can stop them, and we'll get into the weeds a little bit on this in a minute. But
let me ask you this. When you say that they were fully reimbursed, do you mean Crypto.com reimbursed them? Yes, yes. Wow. Okay, you know what?
It's like, Sal, you're missing 3.5 Bitcoin, which would be pretty good money, and you're missing, you know, 30 Ethereum. It's back into your account now.
You know what, that's commendable. That's exactly what they're trying to
build trust, isn't some fly-by-night operation. I mean, they got Matt Damon. So Matt Damon, and they got Staples. Sorry, ex-Staples Center. Yeah, I'm assuming the Lakers and the Clippers are gonna play there. I have not read that, maybe. Who knows. But they have that place now, the Crypto.com Arena. So according to CoinDesk, a publication that puts out articles, about 4,600 Ethereum of the ones that were stolen from Crypto.com are being laundered on Tornado Cash. So that is a platform built to improve transaction privacy by breaking the on-chain link between source and destination addresses. So, hey, I stole this or I got this from you I'm overwhelmed this kind of not dark web but an arena that I can sell it and I can do a private transaction, because the blockchain records every transaction. If I pay Sal Rodriguez in Bitcoin or Ethereum, that transaction is imprinted on the blockchain. It's always there, that transaction, if I give you $1, who knows, your $100. So this was an area that immediately money was shifted here to Tornado Cash and people were trying to sell them.
Well, because what once you steal the Bitcoin, you have to then launder it right?
You don't have to do that at all. I mean, listen, I'm not in the business of stealing Bitcoin, or even Ethereum, but most people would hoard it, but these are hackers, they're trying to make money. They probably said, yeah, we got all this, we'll take pennies on the dollar. Let's go to Tornado Cash and pass these off. So very interesting. I never even heard of this.
The whole point of Bitcoin is that it's trackable and traceable. Right? I thought the whole point. One of the whole points was that you can't steal Bitcoin,
you would think but there's still enough people that can get around it, or they're hanging on to it so long. I don't understand that to me, you could always trace it back to the blockchain, but there has been a lot of people who have misused it over time. That's one of the biggest detractors that haters say, Oh, now you're gonna launder and we're not gonna know. But it's like, well, this is actually a smarter system. So there's a lot of debate on that,
for sure. Well, I think what we're learning is that we were told that theft was preventable, or at least once the thieves stole the money, they couldn't necessarily go spend it or get rid of it. So I think the truth is, when it comes to technology, there's always going to be people who can infiltrate, there's always going to be the hackers. Yeah, always one step ahead of law enforcement, as I always say. Yes, absolutely. And not to mention Crypto.com reimbursed the money, very nice and respectable and commendable of them. There's no FDIC insurance, not that I know of. Okay, what if crypto said, well, sorry, folks. What recourse do people have?
Well, they're not going to be building their business.
Okay. But in other words, you can, what, can they try to sue Crypto.com?
Or what, I don't know. And we're only going to get into how they were hacked and how they want to prevent it. What we don't know is were they able to get to Tornado Cash and say, those 4,600 Ethereum came from us, and we can prove it. Oh, sorry about that. Yeah. I don't know what's going on behind the scenes. Everything's trackable. I'm sure they have a team of people hanging on to those assets. Right? And meanwhile, keeping your customers happy. We got hacked. And here's your money back. I mean, it's good advertising for them. It's good business.
Okay, well, so far, I'm on board. I really I respect that I do.
So as for the two-factor authentication, 2FA, system in which the hackers penetrated Crypto.com. They say they're sticking with it for now. So they're sticking with this system, the 2FA, but not for long. And so I'm assuming you're familiar with this type of technology when you're dealing with Apple or Google, when you log in, and you got to have a secondary login, right? You're used to the 2FAs, right.
I think I've done that with Apple. Maybe Yeah, maybe Google to not necessarily Yahoo. Yeah, right. Probably. Yeah, Apple and Google, probably.
But for the layman out there just trying to give a basic definition. Why don't you at least break down what this type of authentication is?
Essentially, this multi-step security system requires users to provide two distinct forms of identification, such as a one-time passcode in addition to a password, when logging into an online account. The commonly used security measure provides an extra layer of protection against weak passwords, which mine are. While being used by industries across the board, 2FA is considered a must for digital currency accounts.
Okay, but now upon discovery of the breach, Crypto.com revoked all customer 2FA tokens and used the 14 hours of downtime from withdrawal activity to revamp. So customers were then migrated to a completely new 2FA infrastructure as an additional security measure. However, such breaches raised the question of the reliability of 2FA in keeping digital assets safe from hackers. So Crypto.com plans to ditch 2FA for true multi-factor authentication, MFA. Now before I go too far into that, so is your password like your cat's name and some numbers or something, or your birthday? You could share with us?
It's whiskey 1973
Dun dun. Sal Rodriguez, got that down in my notes, but interesting. So they're sticking with this system right now, which we are, you and I have dealt with. But this other system, I've also dealt with this on certain platforms. Not as many. MailChimp had me do this. There's a few that it's like, okay, it's kind of a pain in the butt, I'm not gonna lie, because you usually have to have another device handy. And Apple does the same thing too, like, I have Apple Watch, phone, computer. If you log in on one, it's like, sometimes it wants you to go to the other one to get the code. But why don't you give us a real quick example, or definition or something about
MFA? Well, I will tell you this, Jason, before I tell you that, I enjoy this topic. As much as I respect authentication, I look at the way that it's done. I mean, because authentication can be any way from a retinal scan, your fingerprint on your phone, right? You can have the passwords, you can have the will send you the text, and you give us the passcode. And all that. I'm thinking that my favorite is voice. Yeah, voice authentication, which isn't used that much. And as podcasters, I love the most, because I have used voice authentication. And I would imagine that has to be one of the most reliable.
That reminds me of the movie Sneakers. You ever see that movie? Robert, right? They use voice authentication? Well, in the movie, there was a scene where it's like, they had to get his voice. And he's like, my voice is my password. And they got a guy. They got him saying it. And they use that to get in the building. And this was like, early 90s. So they were cutting edge. Very cool. You're right.
They're still using that today. I just recently did some sort of voice authentication, I think maybe with the utility company or something like that. Yeah, they use that. So anyway, I like to think that that's a reliable one. Because otherwise they're sending me codes or sending passwords.
I have to say, however, you've brought up a good point, we are podcasters our voice is out there on many, many episodes that someone could take that, slice it up and get access to everything. Really.
Somebody could take our voices and get access to our accounts. Well, hey, good luck, people.
Good luck. Good luck.
I don't know, they may get some bitcoin from you, for me, no, no, no, no, no. Walmart action figure accounts is what they're gonna get. But let me answer your question. True multi-factor authentication, or MFA: a common example of multi-factor authentication is using a password together with a code sent to your smartphone to authenticate yourself. Another example is using a combination of a card, something you have, and a PIN, something you know. That's common. Yeah, use that for sure.
Absolutely. And I do like it. It is a pain. But as we're dealing with things, I've thought about this, I mean, listen, there is something to be said about crypto as well. If you ever lost your Bitcoin codes, your numbers, you would essentially lose it. Because like missile codes, you have like cold storage. And right now I'm trusting the platforms I'm on, and I'm not like, I don't have this huge account. But it's like, oh, yeah, you have a digital wallet, you can withdraw, you know, take it out of your computer, keep it in a few safe places. But as you get into this type of technology, you realize I want more barriers, you know, I got to authenticate here, I got to authenticate there. So I used to think, oh, what a pain, but now, I mean, this is, yeah, next level, and I liked it. Crypto.com is doing it. I'm sure the platforms I'm using are on the same path, Coinbase and Voyager as well as Robinhood. But yeah, unfortunately. So despite these efforts to go to this new tighter system, which needs to happen, of course, to ensure trust and faith, criminals, hackers, skimmers, scammers will inevitably be lurking in the shadows, I'm afraid. As we've said on previous shows as well, episodes, they're always one step ahead.
Jason, in not only stories that you and I have covered on That's a Crime, but just flipping through the web and reading about other cyber crimes, is it just me or is nobody ever caught?
Totally. Well, we had we did have a hacker get caught. Remember that guy.
Which guy was that?
Oh, yes, yes, yes. He was a pretty clean and the fake invoice. Yeah.
But he did very well for a long time and probably too well and milked it too much. But that was a catch. And I was happy to see that. So
okay, well, okay. Well, I you know, I have mixed emotions about the whole thing. I'm not like hating the guy who robbed crypto, you know, right. It's not like you stuck a gun in someone's face and stole their wallet, you know, that that guy went off the street. These people? Of course, I don't want them doing this. But at the same time, I mean, how would them robbing crypto affect you mean that your account may be at risk now? Right? It's not that you're going to lose anything from this because, you know, they say all the retailers for years, it because of shoplifters is why our prices have to go up. They will always blame the shoplifters when they raise the price. Or all these companies now can blame the cyber thieves, these hackers whenever they raise their fees or prices. Well, I say
stop the hackers do your best. If the attack was so severe, and then we're not talking 30 million let's just say it was 300 million a billion. Could they really pay all that out? So I mean, be leery. I also went with a few accounts because hey, Whether if this person went sketchy and I like to diversify my minor micro holdings, but but still work with a few companies don't put all your eggs in one basket and just stay up on things. So this is very recent. This won't be the last time it sure as heck wasn't the first time hackers hit somebody, and will probably come back and do more crypto crimes like
I have a feeling we will be here again for this.
We keep coming back and covering everything, Sal, from what exactly?
That's a Crime covers everything from a misdemeanor to a murder, that we do. And I mean that we do. You know what, this is absolutely true, Jason. You know, I just came back from Arizona. I was talking to a friend, told him about That's a Crime. The first thing he asked me was, do you guys talk about D.B. Cooper? Absolutely true. No, you're kidding me. He'd never heard our show. And he asked me if we talk about D.B. Cooper. And I'm like, that was our premiere episode.
That's how we launched. That's awesome.
And he and I talked about what a perfect crime that was. So you know what, it's almost like that crime, the D.B. Cooper crime, kind of set the standard for crime, as far as I'm concerned.
Yeah. A great episode. So if you haven't heard that one yet, please go back to our first episode. But you know, we're in our 20s now, this is like our 24th crime or something like that. So a lot more to come, super exciting, Sal. And that covers the hackers steal $30 million in Bitcoin and Ethereum from Crypto.com in 2022.
Nice. Well, I'll be back next time for sure.
Thank you so much for listening. And please be sure to subscribe to the That's a Crime podcast as well as the That's a Crime YouTube Live Channel. You can also really help us by giving the show a five-star rating on Apple Podcasts.
And for all you listeners that enjoy sharing your thoughts, you can leave us a review on Apple Podcasts, send us a direct message or post a comment on any That's a Crime social media platform.
We also highly recommend checking out our other podcast and visiting justcuriousmedia.com