The company conducted an internal audit and engaged third-party security firms to check its platform after the breach, it says. The additional measures include a mandatory 24-hour delay between registration of a new withdrawal address and the first withdrawal, so users will be notified and have “adequate time to react and respond” by contacting the team if the withdrawal appears to be unauthorized. The company “revoked all customer 2FA tokens and added additional security hardening measures” before asking customers to log back into the platform and set up their 2FA tokens again, the company says. When TechCrunch reached out for more details, the company declined to comment on the breach outside of the statement issued today. Today’s statement said detected the suspicious activity on Monday where “transactions were being approved without the 2FA authentication control being inputted by the user.” The site suspended all withdrawals for 14 hours to investigate the issue.Ĭ did not say how the attacker was able to approve transactions without triggering 2FA, which is mandatory for all users. CEO admits hundreds of customer accounts were hacked
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |