Crypto.com CEO Kris Marszalek responded to complaints from thousands of users about issues logging back into their accounts after the company was forced to change security settings following a hack last week.
On Monday, the company admitted that 483 users were affected by unauthorized cryptocurrency withdrawals on their accounts, costing a total of “4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies.” At the time of the attack, that amounted to about $31 million.
Crypto.com said in a statement that it revoked all customer 2FA tokens and “added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur.”
But thousands of people took to social media since then to complain that they could not get back into their accounts. Hundreds of people tweeted at Crypto.com begging for help, complaining that support channels were not working.
When pressed for comment, Crypto.com directed ZDNet to a statement from Marszalek that was posted to Twitter on Friday evening.
“If you can’t get back into our app following access reset this week, in 95/100 cases you are simply using the wrong email to login. We don’t allow duplicate accounts with the same phone number, so you will get stuck if you are using the wrong email,” Marszalek wrote.
He urged customers to check their inboxes for emails from Crypto.com and said the “one which has it is the one you should use to login into the app.”
“If you can’t find it, or no longer have access to it, please reach out to our CS. We will authenticate you again. We are helping users with these cases one by one, but it takes time given the scale of our platform. Our team is also working on a new app release that specifically communities this via UI/UX improvements,” he explained.
“Finally, rest assured your funds are safe and waiting for you to log back in.. with the right email.”
The statement did little to assuage angry customers demanding access to their accounts.
The company initially denied reports that funds were stolen, even as PeckShield said around $15 million was being washed through a coin tumbler. By Wednesday, Marszalek was forced to appear on Bloomberg to confirm that about 400 users had been attacked and users’ ability to withdraw funds was paused.
Crypto.com created a program designed to refund users who were affected by the hack with up to $250,000. The company said terms and conditions “may vary by market according to local regulations” and that “Crypto.com will make the final determination of eligibility requirements and approval of claims.”