In brief

  • Cred, a crypto lending service, announced last night a freeze on all customer funds as it investigates a "fraudulent incident."
  • Cred advertises insurance for customer deposits, but has yet to confirm if customer funds have been impacted or will be returned.
  • The company has recently clarified that the incident did not involve a hack but the mishandling of "specific corporate funds."

Crypto lending service Cred has unexpectedly halted all customer deposits and withdrawals, leaving users with little more than a cryptic message about a ‘fraudulent incident’ and ongoing cooperation with law enforcement. 

A company statement provided to Decrypt suggests Cred suspects the loss might have been an inside job.

Cred announced via Twitter after 10pm ET on Wednesday that all inflows and outflows of funds would be suspended until additional updates were released “within the next two weeks.” A short follow up tweet also gave assurances that no client personal data or account information had been compromised, and that Cred was cooperating with law enforcement authorities to investigate a recent fraudulent incident.

In an exchange with the Cred support account AskCred, the Cred Team indicated that the fraudulent activity had impacted the company’s financial position.

“Cred has experienced irregularities in the handling of specific corporate funds by a perpetrator of fraudulent activity that has negatively impacted Cred’s balance sheet and precipitated a law enforcement investigation into the loss of these funds,” Cred support staff told Decrypt in an email.

“Cred is in the process of carrying out an internal accounting of its assets and assessing the impact of the incident on its current business and in consultation with legal counsel has determined to temporarily suspend all inflows and outflows of funds relating to the CredEarn program.”

Loss of funds, especially when attributed to hacks or exit scams, is an all too common incident in the cryptocurrency industry. Seldom will such incidents attract the attention of law enforcement, since crypto is still very loosely regulated and operates largely in legal grey areas.

Cred, founded in 2017 and based in San Francisco, has taken measures to foster relationships with government officials in the furtherance of crypto-friendly regulations. Last year, the company hired Ally Medina, mayor of Emeryville, California, to lead its government outreach initiatives.

The firm’s business relies on providing interest earnings on crypto deposits and loans backed by crypto collateral while only taking a small service charge for, as outlined on their website, “insurance, licensing, and liquidity” while distributing the rest to customers. Indeed, the Cred website makes several references to insurance on deposits provided by crypto custody providers Fireblocks and Lockton, calling the coverage “one of the most comprehensive insurance policies available, including cyber hacking, E&O (errors and omissions) and regulatory coverage.”

The Cred website also explains that Cred deposits are not FDIC insured, unlike deposits at traditional US banks. In other words, Cred advertises insurance coverage through private agreements like those with Fireblocks, but it is not guaranteed by insurance from the US banking system.

Despite multiple claims of insurance coverage, however, Cred communications on the incident thus far have offered no assurance that customer funds are safe or that customers will be made whole if indeed funds have been stolen or otherwise impacted.

Trouble in crypto land has recently been concentrated in hacks against decentralized finance protocols, built on the bleeding edge of blockchain capabilities and often vulnerable to clever exploits of the underlying code.

But the recent Cred incident is a reminder that more traditional, centralized operations are also still at risk—and despite promises of insurance, there’s no guarantee funds are ever truly safe.