Crypto.com Data Breach Confirmed; Marfeel Violate Privacy Policies


In today's ExchangeWire news digest: Crypto.com's CEO, Kris Marszalek, confirms data breach in Bloomberg TV interview; Marfeel have been accused of violating IAB privacy policies and GDPR regulations by Confiant; and Carry1st have raised USD$20m (£14.7m) in a Series A extension led by Andreessen Horowitz.


Crypto.com users are victims of a security hack

Crypto.com’s CEO, Kris Marszalek, has confirmed a security breach of “about 400 accounts” in an interview with Bloomberg TV on Wednesday (19 January). In a blog post uploaded today (20 January), the exchange app announced that it was in fact 483 users that were affected by the hack that took place on Monday (17 January), but all accounts were fully reimbursed. An outside analyst estimated that USD$15m (£11.02m) was lost during the breach, however Crypto.com reported that “unauthorised withdrawals totalled 4,836.26 ETH (£11.14m), 443.93 BTC (£13.7m), and approximately US$66,200 (£48,638.45) in other currencies.”

Marszalek described this security error as a “great lesson” which has resulted in a revamping to a new 2FA infrastructure. 2FA (Two-Factor Authentication) is an additional layer of security, where users have to present their 2FA code when carrying out certain actions. During the breach, hackers were completing transactions whilst bypassing this safety step. Subsequently, “Crypto.com introduced an additional layer of security on 18 January 2022 to add a mandatory 24-hour delay between registration of a new whitelisted withdrawal address, and first withdrawal.”

Although crypto markets are becoming more and more significant in the financial sector, they’re also becoming increasingly tempting to online hackers. A survey conducted last year by insights platform, Attest, has shown that out of the 500 US consumers questioned, over half showed interest in the concept of cryptocurrency - highlighting a promising future. But when it came to concerns, lack of trust landed near the top…and rightfully so. A report by Crystal Blockchain has estimated that over USD$4bn (£2.94bn) worth of cryptocurrencies was stolen in 2021, almost tripling 2020’s result of nearly USD$1.5bn (£1.102bn).


Marfeel accused by Confiant of breaching privacy policies

Content intelligence platform, Marfeel, have been accused of violating IAB privacy policies and GDPR regulations by
ad security platform, Confiant. The New York-based protection firm looks out for violations of the “Interactive Advertising Bureau's (IAB) framework for the California Consumer Privacy Act of 2018 (CCPA) and IAB Europe's framework for the General Data Protection Regulation (EU) 2016/679 (GDPR),” and has detected consent string tampering by a vendor, named as the Colombia-based entity.

As a Consent Management Platform (CMP), in this instance Admiral, is used by the publisher on whose site Marfeel operates, it is the responsibility of the CMP to provide users with data collection notices under the IAB Europe Transparency & Consent Framework (TCF) v2.0. It has, however, been detected that the publisher platform, Marfeel, allegedly had an alternative, encoded consent string, essentially acting as a blanket “Accept All” consent string. Marfeel have no valid reason to be creating consent strings, as they’re running a client-side auction as opposed to acting as a CMP. Confiant have claimed that if no consent string was available, Marfeel referred to their own instead of Admirals. “The consent string didn’t only give consent to Marfeel but there was certainly an element of self-dealing here.”

According to reports from law firm DLA Piper, EU privacy protection authorities have slammed companies with a total of USD$1.2bn (£881.44m) fines over GDPR breaches since 28th January 2021 - and big tech have taken the brunt. The number is up from about USD$180m (£132.2m) in 2020, showing the path regulators are, and will be, taking to ensure consumers have more control over their data privacy.

Clarification - 21/01/2022: As per the original statement by Confiant, Marfeel corrected the issue as of Sunday 12th December 2021.

Clarification - 28/01/2022: Marfeel have issued a response to the claim, "The incidence reported by Confiant was notified by the IAB to Marfeel on 6 December 2021. We got the IAB acknowledgment that the issue had been successfully addressed on 13 December 2021. Marfeel takes and will always take User Privacy very seriously and has acted accordingly by completing certification processes to become GDPR, CNIL, CCPA, Popia and LGPD compliant. Marfeel has received several IAB certifications and also has a public DPIAS document. Marfeel never had any consent string tampering intention and we sincerely apologise to our customers and the industry for any inconvenience the issue described above may have caused. We will continue working hard to deliver world class products with a user privacy by design and by default approach."


Carry1st have raised USD$20m (£14.7m) in a Series A extension

South African games developer, Carry1st, have raised USD$20m (£14.7m) in a Series A extension led by Andreessen Horowitz, marking this as their first investment in an African-based company. Nas and the founders of Chipper Cash, Sky Mavis, and Yield Guild Games also took part in the recent extension investment. The round is an addition to the Series A that the company underwent in May with participation from Riot Games, Konvoy Ventures, Raine Ventures, and TTV Capital (who also joined the additional round).

Avenir and Google also supported the recent round, and according to reports, this capital is Google’s second check from their Africa Investment Fund set up in October. The tech giant supported Ugandan super app SafeBoda, back in December for an undisclosed amount. Carry1st tweeted yesterday (19 january), that they “look forward to taking the next step in becoming the leading consumer internet company in Africa.”

Carry1st, founded in 2018, are a publisher of social games and interactive content across Africa - the “fastest growing mobile gaming market in the world.” According to the platform, in just five years, Africa will have double the number of gamers than in North America currently. CEO and co-founder of Carry1st, Cordel Robbin-Coker told Techcrunch, “we have a full-suite service that starts with distribution and partnerships. We help them create bespoke marketing materials from short-form advertising videos to statics, and we customise their content to resonate with individuals in different countries.”

The app developer recently partnered with PayPal and Chipper Cash to launch their new product Carry1st Shop. Robbin-Coker described this collaboration as a way to eradicate “the pain points that consumers face when purchasing virtual goods”. He adds, “in Chipper Cash we have a partner that is perfectly aligned with our passion and dedication to revolutionise payments across Africa through technology and sector expertise, and to help the continent seize the unprecedented opportunities that lie ahead.”


Also in the news:

- Didomi Releases Preference Management Platform

- Good-Loop Launches Green Watermark For Climate-Friendly Ads

- TheViewPoint Releases Intelpoint Machine Learning Algorithm for Bidding Optimisation