Up to $26 million worth of cryptocurrency has been exfiltrated from cryptocurrency investment and trading company Kronos Research after a cyberattack that involved the breach of certain application programming interface keys, reports The Record, a news site by cybersecurity firm Recorded Future.
Trades have been temporarily stopped following the incident, according to Kronos, which reassured that it will be covering all losses stemming from the attack.
Attackers leveraged compromised API keys to steal 12,800 ETH from Kronos and then spread across six different wallets, which Cequence Security Hacker in Residence Jason Kent said was indicative of inadequate cyber defenses on the part of Kronos.
"At a crypto company, you'd think the concept of a modern API Attack would be well understood," said Kent. Meanwhile, a report from CertiK noted that the Kronos attack highlights the growing use of stolen private keys in intrusions against cryptocurrency platforms, with such a technique accounting for over 50% of cryptocurrency hacks this year.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news