Crypto.com Sent $400M to the Wrong Recipient. Then Got It Back

About three weeks ago Crypto.com "mistakenly sent 320,000 in Ethereum (~$416 million USD) to another cryptocurrency exchange, called Gate.io," reports the Verge's storystream (citing a report from Web3 Is Going Just Great). In a post on Twitter, Crypto.com CEO Kris Marszalek says the company was supposed to send the crypto to one of its cold, or offline, wallets, but accidentally sent it to a "whitelisted" address belonging to its corporate account at Gate.io.

This all unfolded after Marszalek publicly posted the company's cold wallet addresses to provide transparency about what the exchange does with its funds. After digging into Crypto.com's transactions, one user, Conor Grogan, points out that the exchange sent 320,000 in Ethereum to Gate.io on October 21st, an amount that makes up about 80 percent of the company's Ethereum holdings.

Marszalek later added that it was able to recover "the entirety" of the transferred assets. Users on Twitter confirmed that Crypto.com received its funds back about a week later.... Gate.io also issued a response, noting that it started returning the funds once it realized the transfer was "an operation error." But hey, at least Crypto.com's funds were actually returned this time. In August, a pretty unfortunate typo resulted in Crypto.com giving a customer $7.2 million instead of a $68 refund, which it's currently suing to get back.

Despite the reassurances from Marszalek that "all our systems are operating normally," this whole ordeal is sparking withdrawals from the platform as users begin to worry whether Crypto.com will suffer the same fate as the now-bankrupt FTX and other beleaguered firms.

Banks do this kind of thing periodically

[rsilvergun]

But they're tightly regulated and heavily insured so it's not a big deal when it happens. The problem with crypto is that the complete lack of insurance and regulation means that had anything gone wrong the money would have been lost.

It's just a friendly reminder that you shouldn't do business with a bank that isn't regulated.

Re:

[arosenfield]

Citigroup accidentally transferred $900 million to Revlon [npr.org] in August 2020. It was repayment for a loan, but rather than just the required interest payments, they paid back the entire principal in full. They sued to try to get their money back, but so far have been unsuccessful, since the money paid was actually owed. (And then to add insult to injury, they were fined another $400 million by regulators after the incident.)

Re:

[gweihir]

That is a special case and since the money was actually owed they may just have essentially used a contractual possibility by paying it back in full. That said, Citigroup is probably the most incapable well-known bank with regards to IT and IT security. That regulatory fine was likely because they did not implement procedures they are required to implement.

Re:

[rsilvergun]

Also Citi had the money to absorb the cost. And a big part of the reason they have the cash on hand to do that is because the government legally requires them to and periodically audits them to ensure they really do.

If something like that happened with a crypto firm it would probably just collapse The firm because they don't really have that much cash on hand and nobody is enforcing regulations on them and they're illegal Banks.

We didn't just regulate finance for fun. There were decades of problems

Re:

[gweihir]

Exactly. Regulation is in place because the alternatives are much, much worse. Unfettered capitalism routinely kills itself, but that is contrary to the quasi-religious (and about as valid) belief that it will be good for everybody.

Re:

[thegarbz]

Most legal systems around this work on the principle: "expectation of funds" = "entitlement of funds"

When citi transferred the principle rather than the interest, there's cause to believe that it was an expected sum the person felt entitled to.
If the guy getting a $68 transfer instead gets a $98 transfer the result would be the same.

If on the other hand you're expecting something with 3x zeros in it and you get $7.2million, then it's not yours to keep, not in personal or corporate transactions.

Re:

[edis]

Wasn't that advertised as a lucrative benefit?
You lose money, as they were known, when entering crypto realm.

Re:

[AmiMoJo]

In the UK this sort of thing isn't covered by regulations. If you send money to the right account then the recipient is legally obliged to give it back by civil law, but there is no special rule for banks.

If the recipient refuses then all that anyone can do is sue them. That usually results in them being ordered to return the money, but there have been cases where the recipient successfully argued that they shouldn't have to return all of it. In fact it happened to someone in my family, they were overpaid f

Re:

[misexistentialist]

tightly regulated and heavily insured

Can't regulate a bank into giving back money it doesn't have, and similarly insurance can't pay out money it didn't collect in premiums. Any safety is really coming from scale that reduces the impact of smaller mistakes and fraud, but opens the door for massive ones...

Re:

[thegarbz]

It's not just insurance, there's a legal framework that protects people who inadvertently make a huge SNAFU. If you receive something outside of normal expectation then it's not yours to keep and ultimately the legal system resolves that without regulation or insurance.

The guy being sued for $7.2million is about to find that out the hard way.

The way it normally goes is if an error is conceivably correct then you get to keep the funds.
e.g. If you expect $68 and you get $98 then it's yours to keep. If you exp

Re:

[supremebob]

Your bank probably has its reserve assets in something more stable than Shiba Inu tokens, though:

https://www.coindesk.com/marke... [coindesk.com]

If they did lose that money and had to sell their reserves to make a customer whole, I'm not sure that selling some lame Dogecoin clone tokens is going to generate the funds.

Where Is The Rug Pull ?

[stooo]

Where is The Rug Pull ?

Missing FTA

[Anonymous Coward]

"Earlier this year, Crypto.com sent approximately US$400M worth of Ethereum, which is the equivalent of US$1045.05 in November 2022."

so it worked?

[cstacy]

They sent the funds to the wrong address, but it was to some live wallet they controlled; and they were able to send it back to themselves? The unintended transfer worked because the destination was "whitelisted" (i.e. one of their own accounts)? This sound like a story of how their procedures are actually working.

Unlike the previous stories of just sending "money" to the wrong place altogether.

Note: I didn't read the whole summary much less TFA. The subject being crypto and all...

Re:

[Anonymous Coward]

They sent it to another exchange (gate .io). Some exchanges are buddy-buddy.

This was around the time that gate was being audited so there is some question as to whether this transfer was just to bolster their numbers during the audit and maybe gate is insolvent.

However, records show the transfer was done a day or two AFTER the audit but the audit report itself didn't come out until after the transfer. We don't really know if everyone is telling the truth or not, including the auditors. The dates are really

How incompetent can you get?

[gweihir]

Whenever I think they have reached peak-incapability, they do crap like this. Clueless, incompetent, arrogant and greedy. What's not to like? When a bank does this (which basically happens almost never and banks make transfers in this size all the time), there are binding _agreements_ in place that make sure the transaction can be reversed. The only case the money may be gone is basically if the target bank goes bankrupt at just the wrong moment.

DeFi seems to be "Demented Finance", where all the basic probl

Re:

[thegarbz]

which basically happens almost never

Why would you say this? Banks do this *incredibly often*. Heck we've covered many such stories here on Slashdot of traditional banks doing this.

Citibank and their $900million fuckup: https://tech.slashdot.org/stor... [slashdot.org]
New Zealand example with a $10million fuckup to a client: https://idle.slashdot.org/stor... [slashdot.org]

Re: How incompetent can you get?

[Cyberax]

There are something like 15 billion bank transactions every single day. One or two examples a year is indeed "almost never".

Depends how much money is involved

[jhecht]

There aren't just "one or two examples a year" of mistaken bank transactions a year. There are many more, but most re tens or hundreds or even thousands of dollars, and nobody makes much of a fuss because they are caught and corrected (or missed altogether). Only when it's a serious amount of money and the bank can't correct it quickly and quietly after it's caught does it make a big splash in the press. Crypto has been having more incidents that involve serious amounts of money that are not easily correct

Ho Hum.

[fredrated]

Another day another Crypto train wreck.

FTX send $1 Billion to unknown accounts

[thesjaakspoiler]

and nothing will come back. What a cliffhanger!

Monopoly money

[kbg]

1) Anytime anyone mentions the value of a crypto they refer to an actual USD money amount, since crypto has no value in itself.
2) Are you telling me that you could sell $416 million USD of crypto and get that amount of money immediately transferred to your account? Of course not. You can't actually sell that much crypto and get actual real money, therefore any value of crypto is meaningless.

All of this crypto money is just the same. Doesn't anyone notice this? Sometimes I feel like I am taking crazy pills.

It's not your "systems" that are faulty.

[geekmux]

Despite the reassurances from Marszalek that "all our systems are operating normally," this whole ordeal is sparking withdrawals from the platform...

It's not your systems that are likely faulty. It's your processes and procedures that suck.

"New process and features were implemented to prevent this from reoccurring."

When you're transferring over 10% of your entire holdings in one transaction, this is probably something that should have never happened in the first place. Let's hope the follow up statement is true, but that is why people are withdrawing. You've raised just enough suspicion in a highly unregulated industry, regardless of the attempt on transparency.

Where is The Rug Pull ???

[stooo]

>> It's not your systems that are likely faulty. It's your processes and procedures that suck.
Yep. They missed the big part of any crypto process: The Rug Pull.
What a beginner's mistake !

No mistake.

[xpiotr]

Apparently the "competitor" had some kind of audit of the cash flow the same week that it magically got funds 'by mistake'.

Blockchain records on Etherscan show that on October 21, Crypto.com sent the sum, around 80% of its total ETH reserves, to rival exchange Gate.io—just before Gate.io provided “proof of reserves” to its users on October 28 as part of a new push for transparency after the FTX crisis.
Source [decrypt.co]

We Are All Equal in the Eyes of The Law

[CoolDiscoRex]

I read the linked article from that post about the same company sending $7 million to a customer on accident, and a judge ordering said customer to sell the house they bought with it and return the money ... with interest.

Then I thought about the time I fat-fingered an options trade and when I reported the mistake, was told to go eat myself. Politely.

Then I remembered the time the bank mistakenly deposited $10K in my account, then threatened me not to spend it. "It was an error", they told me, and the law